What is the purpose of the "X" at the beginning of some headers names?

5

There are specific headers in HTTP that have the purpose of passing some information. Such as Content-Type which informs the mime of the content you want to receive or send. We also have Content-Length that determines the size in bytes of a response.

But I have noticed some headers, which have some common features, such as X-Csrf-Token , X-Frame-Options , X-XSS-Protection or X-UA-Compatible .

They all have the purpose of reporting something, obviously, like all the others.

But I'm curious as to why they all need to start with the letter "X".

  • Does it have any meaning when the header begins with "X"? And if so, what is it?

  • Would it be to create something custom? For example: If I wanted to invent a header to inform the application version, could I create something like X-App-Version ?

asked by anonymous 10.11.2016 / 17:38

1 answer

5

The use of "X" is a convention of custom protocol developers.

(Practice already discouraged by RFC 6648 )

I've never found an official version of the use of "X", but the most widespread version is that it is an extra X, an "extra header".

These Headers are just for sending some customized information in the Header, such as an access Token.

    
10.11.2016 / 17:49