Skip to main content

Appendix A. Static Table

This table was generated by analyzing actual Internet traffic in 2018 and including the most common header fields, after filtering out some unsupported and non-standard values. Due to this methodology, some of the most common header fields are missing from the QPACK static table, as explained below.

The "accept-encoding" header is absent from the static table because its value is likely to be unique to each client and dynamic table space is better utilized if the encoder can choose what to index based on application context.

The following header fields were common in the corpus but absent from the static table because they are entropy-coded in HTTP/3, so they are no longer transmitted explicitly: ":authority", ":method", ":path", ":scheme", and ":status".

The "user-agent" header is relatively common and a good candidate for the static table. However, its value is so varied that it would provide little value in the static table, and as with "accept-encoding", dynamic table space is better utilized if the encoder can choose what to index.

The "content-length" header is also missing from this static table because its value is usually unique to each response and it would benefit little from inclusion in the static table.

The QPACK static table consists of a predefined list of 99 field lines, each with a fixed index over the range 0-98.

IndexNameValue
0:authority
1:path/
2age0
3content-disposition
4content-length0
5cookie
6date
7etag
8if-modified-since
9if-none-match
10last-modified
11link
12location
13referer
14set-cookie
15:methodCONNECT
16:methodDELETE
17:methodGET
18:methodHEAD
19:methodOPTIONS
20:methodPOST
21:methodPUT
22:schemehttp
23:schemehttps
24:status103
25:status200
26:status304
27:status404
28:status503
29accept*/*
30acceptapplication/dns-message
31accept-encodinggzip, deflate, br
32accept-rangesbytes
33access-control-allow-headerscache-control
34access-control-allow-headerscontent-type
35access-control-allow-origin*
36cache-controlmax-age=0
37cache-controlmax-age=2592000
38cache-controlmax-age=604800
39cache-controlno-cache
40cache-controlno-store
41cache-controlpublic, max-age=31536000
42content-encodingbr
43content-encodinggzip
44content-typeapplication/dns-message
45content-typeapplication/javascript
46content-typeapplication/json
47content-typeapplication/x-www-form-urlencoded
48content-typeimage/gif
49content-typeimage/jpeg
50content-typeimage/png
51content-typetext/css
52content-typetext/html; charset=utf-8
53content-typetext/plain
54content-typetext/plain;charset=utf-8
55rangebytes=0-
56strict-transport-securitymax-age=31536000
57strict-transport-securitymax-age=31536000; includesubdomains
58strict-transport-securitymax-age=31536000; includesubdomains; preload
59varyaccept-encoding
60varyorigin
61x-content-type-optionsnosniff
62x-xss-protection1; mode=block
63:status100
64:status204
65:status206
66:status302
67:status400
68:status403
69:status421
70:status425
71:status500
72accept-language
73access-control-allow-credentialsFALSE
74access-control-allow-credentialsTRUE
75access-control-allow-headers*
76access-control-allow-methodsget
77access-control-allow-methodsget, post, options
78access-control-allow-methodsoptions
79access-control-expose-headerscontent-length
80access-control-request-headerscontent-type
81access-control-request-methodget
82access-control-request-methodpost
83alt-svcclear
84authorization
85content-security-policyscript-src 'none'; object-src 'none'; base-uri 'none'
86early-data1
87expect-ct
88forwarded
89if-range
90origin
91purposeprefetch
92server
93timing-allow-origin*
94upgrade-insecure-requests1
95user-agent
96x-forwarded-for
97x-frame-optionsdeny
98x-frame-optionssameorigin
Last updated on