Are Duplicate HTTP Response Headers acceptable?

by

Yes

HTTP RFC2616 available here says:

Multiple message-header fields with the same field-name MAY be present
in a message if and only if the entire field-value for that header
field is defined as a comma-separated list [i.e., #(values)]. It MUST
be possible to combine the multiple header fields into one
“field-name: field-value” pair, without changing the semantics of the
message, by appending each subsequent field-value to the first, each
separated by a comma. The order in which header fields with the same
field-name are received is therefore significant to the interpretation
of the combined field value, and thus a proxy MUST NOT change the
order of these field values when a message is forwarded

So, multiple headers with the same name is ok (www-authenticate is such a case) if the entire field-value is defined as a comma-separated list of values.

Cache-control is documented here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 like this:

Cache-Control   = "Cache-Control" ":" 1#cache-directive

The #1cache-directive syntax defines a list of at least one cache-directive elements (see here for the formal definition of #values: Notational Conventions and Generic Grammar)

So, yes,

Cache-Control: no-cache, no-store

is equivalent to (order is important)

Cache-Control: no-cache
Cache-Control: no-store

More Related Contents:

  1. 403 Forbidden vs 401 Unauthorized HTTP responses
  2. How can I view HTTP headers in Google Chrome?
  3. What is http multipart request?
  4. What’s the “Content-Length” field in HTTP header?
  5. What character encoding should I use for a HTTP header?
  6. Axios get access to response header fields
  7. Best HTTP Authorization header type for JWT
  8. What exactly does the Access-Control-Allow-Credentials header do?
  9. Operating System from User-Agent HTTP Header [closed]
  10. Can I rely on Referer HTTP header?
  11. JMeter Alter HTTP Headers During Test
  12. Is this statement correct? HTTP GET method always has no message body
  13. what’s the difference between Expires and Cache-Control headers?
  14. What are Content-Language and Accept-Language?
  15. Does the order of headers in an HTTP response ever matter?
  16. How do I force files to open in the browser instead of downloading (PDF)?
  17. Adding a HTTP header to the Angular HttpClient doesn’t send the header, why?
  18. How to send a header using a HTTP request through a cURL call?
  19. HTTP HEAD Request in Javascript/Ajax?
  20. How to configure static content cache per folder and extension in IIS7?
  21. How do I access the HTTP request header fields via JavaScript?
  22. What is “X-Content-Type-Options=nosniff”?
  23. How can I get the clients IP address from HTTP headers?
  24. Modify HTTP Headers for a JSONP request
  25. Access Control Allow Origin issue in Angular 2
  26. How can I read the current headers without making a new request with JS? [duplicate]
  27. What is the http-header “X-XSS-Protection”?
  28. How to get host name with port from a http or https request
  29. header(“Content-type: text/css”); is working in Firefox and Chrome, but in Internet Explorer 9 it shows up as ‘text/html’
  30. Can’t get rid of header X-Powered-By:Express

Leave a Comment