I'm making a POST request to upload a picture to a website.
In the page, there is one FileUpload and one input (textBox) and in fiddler I found out that the page is sending some data using Multipart Post request mode (Content Disposition: multipart-formdata;)
Everything seems to be OK, coz in fiddler everything is the same about what my app is posting and what the page is sending... Just not about headers order...
My question is that is it really important to put headers in a right order? and if yes, how can I do it? (as we are just setting some properties in request, there is no where to set the order...)
thanks for any advise...
The order of HTTP Headers doesn't matter for headers with different names. If there are multiple headers with the same name, however, the order is important.
See RFC 2616
The order in which header fields with differing field names are
received is not significant. However, it is "good practice" to send
general-header fields first, followed by request-header or response-
header fields, and ending with the entity-header fields.
Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)].
It MUST be possible to combine the multiple header fields into one
"field-name: field-value" pair, without changing the semantics of the
message, by appending each subsequent field-value to the first, each
separated by a comma. The order in which header fields with the same
field-name are received is therefore significant to the
interpretation of the combined field value, and thus a proxy MUST NOT
change the order of these field values when a message is forwarded.
Akamai will block you if you have the wrong order.
$ curl -v -H "$UA" -H "$ACCEPT" -H "$ENCODING" $URL |& grep '< HTTP'
< HTTP/1.1 403 Forbidden
$ curl -v -H "$ACCEPT" -H "$UA" -H "$ENCODING" $URL |& grep '< HTTP'
< HTTP/1.1 301 Moved Permanently
They use the implicit ordering of specific clients to detect malicious user agents. See my blog the topic:
http://gwillem.gitlab.io/2017/05/02/http-header-order-is-important/
I my experience with Chrome's webRequest api, there is never any guaranteed order of http headers. So, on that front, header order doesn't matter.
