Is the order of webrequest Headers important?

Asked 25/6, 2012 at 21:34 Answered 2/5, 2017 at 9:20

Solved http-post httpwebrequest http-request http-error

I'm making a POST request to upload a picture to a website.
In the page, there is one FileUpload and one input (textBox) and in fiddler I found out that the page is sending some data using Multipart Post request mode (Content Disposition: multipart-formdata;)
Everything seems to be OK, coz in fiddler everything is the same about what my app is posting and what the page is sending... Just not about headers order...

My question is that is it really important to put headers in a right order? and if yes, how can I do it? (as we are just setting some properties in request, there is no where to set the order...)

thanks for any advise...

Harlamert answered 25/6, 2012 at 21:34 Comment(1)

possible duplicate of Does the order of headers in an HTTP response ever matter? – Ambrotype 25/6, 2012 at 21:59

The order of HTTP Headers doesn't matter for headers with different names. If there are multiple headers with the same name, however, the order is important.

See RFC 2616

The order in which header fields with differing field names are received is not significant. However, it is "good practice" to send general-header fields first, followed by request-header or response- header fields, and ending with the entity-header fields.

Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded.

Ambrotype answered 25/6, 2012 at 22:2 Comment(3)

No idea. You haven't provided enough information to answer that question. Is an exception being thrown on the server? – Ambrotype 25/6, 2012 at 22:11

I have no access to the server... the only thing i guess is about encoding of string values... Does it really make this error appear to me? – Harlamert 25/6, 2012 at 22:14

I would contact the administrator of the server for help troubleshooting then. Without knowing what error is causing the HTTP 500, you're going to be running in circles. – Ambrotype 25/6, 2012 at 22:18

Akamai will block you if you have the wrong order.

$ curl -v -H "$UA" -H "$ACCEPT" -H "$ENCODING" $URL |& grep '< HTTP'
< HTTP/1.1 403 Forbidden
$ curl -v -H "$ACCEPT" -H "$UA" -H "$ENCODING" $URL |& grep '< HTTP'
< HTTP/1.1 301 Moved Permanently

They use the implicit ordering of specific clients to detect malicious user agents. See my blog the topic:

http://gwillem.gitlab.io/2017/05/02/http-header-order-is-important/

Depository answered 2/5, 2017 at 9:20 Comment(1)

I had the same issue, Akamai takes into consideration the order of the headers (not just the order as you explain in your post) – Pascual 14/1, 2022 at 9:0

I my experience with Chrome's webRequest api, there is never any guaranteed order of http headers. So, on that front, header order doesn't matter.

Saturnalia answered 25/6, 2012 at 22:1 Comment(0)

Recommended topics

Hot tags