RFC 6455 - The WebSocket Protocol
Published: December 2011
Status: Standards Track
Authors: I. Fette (Google Inc.), A. Melnikov (Isode Ltd.)
Abstract
The WebSocket Protocol enables full-duplex communication between a client and a server over a single TCP connection. The WebSocket Protocol is designed to be implemented in web browsers and web servers, but it can be used by any client or server application.
The WebSocket Protocol is an independent TCP-based protocol. Its only relationship to HTTP is that its handshake is interpreted by HTTP servers as an Upgrade request.
Table of Contents
- 1. Introduction
- 1.1 Background
- 1.2 Protocol Overview
- 1.3 Opening Handshake
- 1.4 Closing Handshake
- 1.5 Design Philosophy
- 1.6 Security Model
- 1.7 Relationship to TCP and HTTP
- 1.8 Establishing a Connection
- 1.9 Subprotocols and Extensions
- 2. Conformance Requirements
- 2.1 Terminology and Other Conventions
- 3. WebSocket URIs
- 4. Opening Handshake
- 4.1 Client Requirements
- 4.2 Server-Side Requirements
- 4.3 Collecting Extensions and Subprotocols
- 4.4 Supporting Multiple Versions
- 5. Data Framing
- 5.1 Overview
- 5.2 Base Framing Protocol
- 5.3 Client-to-Server Masking
- 5.4 Fragmentation
- 5.5 Control Frames
- 5.6 Data Frames
- 5.7 Examples
- 5.8 Extensibility
- 6. Sending and Receiving Data
- 6.1 Sending Data
- 6.2 Receiving Data
- 7. Closing the Connection
- 7.1 Definitions
- 7.2 Abnormal Closures
- 7.3 Normal Closure
- 7.4 Status Codes
- 8. Error Handling
- 8.1 Handling Errors in UTF-8-Encoded Data
- 9. Extensions
- 9.1 Negotiating Extensions
- 9.2 Known Extensions
- 10. Security Considerations
- 10.1 Non-Browser Clients
- 10.2 Origin Considerations
- 10.3 Attacks On Infrastructure
- 10.4 Implementation-Specific Limits
- 10.5 WebSocket Client Authentication
- 10.6 Connection Confidentiality and Integrity
- 10.7 Handling of Invalid Data
- 10.8 Use of SHA-1
- 11. IANA Considerations
- 12. Using WebSocket Protocol from Other Specifications
- 13. Acknowledgements
- 14. References
- 14.1 Normative References
- 14.2 Informative References
Additional Resources
- 📖 Implementation Guide: WebSocket Protocol Implementation Guide - Detailed technical documentation, code examples, and best practices
- 🔗 Official RFC: RFC 6455
- 📋 DataTracker: RFC 6455 DataTracker
- 🐛 Errata: RFC Editor Errata
Related RFCs
- RFC 6455: The WebSocket Protocol ← This document
- RFC 7692: WebSocket Compression Extensions
- RFC 8441: Bootstrapping WebSockets with HTTP/2
Quick Reference
WebSocket URI Format
ws-URI = "ws:" "//" host [ ":" port ] path [ "?" query ]
wss-URI = "wss:" "//" host [ ":" port ] path [ "?" query ]
ws://- Unencrypted connection (default port 80)wss://- TLS encrypted connection (default port 443, recommended for production)
Handshake Example
Client Request:
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
Origin: http://example.com
Server Response:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Frame Types (Opcode)
| Opcode | Type | Description |
|---|---|---|
| 0x0 | Continuation | Continuation frame |
| 0x1 | Text | Text frame (UTF-8) |
| 0x2 | Binary | Binary frame |
| 0x8 | Close | Close frame |
| 0x9 | Ping | Ping frame (heartbeat) |
| 0xA | Pong | Pong frame (heartbeat response) |
Close Status Codes
| Code | Name | Description |
|---|---|---|
| 1000 | Normal Closure | Normal closure |
| 1001 | Going Away | Endpoint going away (e.g., page navigation) |
| 1002 | Protocol Error | Protocol error |
| 1003 | Unsupported Data | Unsupported data type |
| 1006 | Abnormal Closure | Abnormal closure (no Close frame sent) |
| 1009 | Message Too Big | Message too large |
| 1011 | Internal Error | Server internal error |
Frame Structure (Basic Format)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-------+-+-------------+-------------------------------+
|F|R|R|R| opcode|M| Payload len | Extended payload length |
|I|S|S|S| (4) |A| (7) | (16/64) |
|N|V|V|V| |S| | (if payload len==126/127) |
| |1|2|3| |K| | |
+-+-+-+-+-------+-+-------------+-------------------------------+
| Extended payload length continued, if payload len == 127 |
+-------------------------------+-------------------------------+
| |Masking-key, if MASK set to 1 |
+-------------------------------+-------------------------------+
| Masking-key (continued) | Payload Data |
+-------------------------------+-------------------------------+
Key Points:
- FIN: 1=final frame, 0=more frames follow
- MASK: Must be 1 for client→server, must be 0 for server→client
- Opcode: Frame type identifier
- Payload Length: Data length (0-125 direct, 126 uses 16-bit, 127 uses 64-bit)
Core Terminology
| English Term | Description |
|---|---|
| Full-Duplex Communication | Bidirectional simultaneous communication |
| Opening Handshake | HTTP upgrade process to WebSocket |
| Closing Handshake | Graceful connection closure process |
| Frame | Basic unit of data transmission |
| Message | Composed of one or more frames |
| Masking | Client data must be masked (security mechanism) |
| Fragmentation | Large messages transmitted in multiple frames |