I don’t really get the purpose of a header like this, who is supposed to check it? It’s not like developers casually check the headers returned by an API every week.
Write them a mail if you see deprecated functions being used by a certain API key, probably much more likely to reach somebody that way.
Also, TIL that the IETF deprecated the X- prefix more than 10 years ago. Seems like that one didn’t pan out.
Also, TIL that the IETF deprecated the X- prefix more than 10 years ago. Seems like that one didn’t pan out.
Can you elaborate on that? The X- prefix is supposedly only a recommendation, and intended to be used in non-standard, custom, ah-hoc request headers to avoid naming conflicts.
In short, although in theory the “X-” convention was a good way to avoid collisions (and attendant interoperability problems) between standardized parameters and unstandardized parameters, in practice the benefits have been outweighed by the costs associated with the leakage of unstandardized parameters into the standards space.
I still work on software that extendively uses X- headers.
I still work on software that extendively uses X- headers.
I wouldn’t worry too much about it. The reason they give is mostly that it is annoying if a X- header suddenly becomes standardized and you end up having to support X-Something and Something. Most likely a non-issue with real custom headers.
It makes sense to include so it’s obvious in the readable HTTP request response. We use readable URLs and header names for the same purpose: So it is inspectable and understandable from that text format. You may leave deprecation information out, but then you’re missing part of the resource description that you’re addressing with the URL/URI.
Given a defined header it also allows you to add tooling and automation. There’s no need for manual reading.
I don’t really get the purpose of a header like this, who is supposed to check it? It’s not like developers casually check the headers returned by an API every week.
Write them a mail if you see deprecated functions being used by a certain API key, probably much more likely to reach somebody that way.
Also, TIL that the IETF deprecated the
X-prefix more than 10 years ago. Seems like that one didn’t pan out.Can you elaborate on that? The X- prefix is supposedly only a recommendation, and intended to be used in non-standard, custom, ah-hoc request headers to avoid naming conflicts.
Taken from https://datatracker.ietf.org/doc/html/rfc6648
I still work on software that extendively uses X- headers.
deleted by creator
The RFC you linked recommends that no new
X-prefixed headers should be used.The paragraph you quoted does not say you should use the
X-prefix, only comments on how it was used.See section 3 for the creation of new parameters: https://datatracker.ietf.org/doc/html/rfc6648#section-3
I wouldn’t worry too much about it. The reason they give is mostly that it is annoying if a
X-header suddenly becomes standardized and you end up having to supportX-SomethingandSomething. Most likely a non-issue with real custom headers.It makes sense to include so it’s obvious in the readable HTTP request response. We use readable URLs and header names for the same purpose: So it is inspectable and understandable from that text format. You may leave deprecation information out, but then you’re missing part of the resource description that you’re addressing with the URL/URI.
Given a defined header it also allows you to add tooling and automation. There’s no need for manual reading.