There are specific headers in HTTP that have the purpose of passing some information. Such as Content-Type
which informs the mime of the content you want to receive or send. We also have Content-Length
that determines the size in bytes of a response.
But I have noticed some headers, which have some common features, such as X-Csrf-Token
, X-Frame-Options
, X-XSS-Protection
or X-UA-Compatible
.
They all have the purpose of reporting something, obviously, like all the others.
But I'm curious as to why they all need to start with the letter "X".
-
Does it have any meaning when the header begins with "X"? And if so, what is it?
-
Would it be to create something custom? For example: If I wanted to invent a header to inform the application version, could I create something like
X-App-Version
?