Why we need to deprecate x prefix for HTTP headers?

In June, 2012, Internet Engineering Task Force released a new RFC(RFC-6648), recommending deprecation of X- prefix. As LinkedIn also use this type of prefix, I was interested to read this RFC, and explain to you why we need to deprecate it.

X- prefix background

HTTP header is used to transmit additional information between client and server.

Some standard HTTP header:

If people want to have custom header, X- prefix is suggested to avoid conflict. This recommendation is raised in 1982 for Email standard(RFC-822),working fine for decades。

Usage of X- prefix

Among all non-standard HTTP headers, some become very popular:

X- prefix issues

When these X- prefix become more and more popular, it’s touch to handle it when we need to standardize them. In theory, we should remove the X- prefix after standardize it, but it will apparently affect existing applications. To avoid backward-compatibility issues, we have to keep it. In summary, the X- prefix can’t identify between standard and non-standard headers anymore.

Solutions

  1. No longer recommend X- for new custom headers, and no longer use X- prefix to distinguish standard and non-standard headers
  2. If it’s possible for new custom header to be standardized, use a non-used and meaningful header name
  3. If it’s not possible for new custom header to be standardized, include organization name (e.g. reverse domain name com.example.foo)
  4. No recommendation to keep/drop for existing custom HTTP headers
  5. X- prefix can’t be used to assume safety of headers

Comments

comments powered by Disqus