The X-Requested-With header page is broken

[summercms]

I went to this page:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

And clicked on the link for X-Requested-With

Which links to this broken page:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Requested-With

The only info I found on the internet so far for this header is found here:

http://www.checkheaders.com/headers/X-Requested-With/

Which has a good summary description:

Mainly used to identify Ajax requests. Most JavaScript frameworks send this header with value of `XMLHttpRequest`.

Could probably add that to the missing description in MDN. On the page: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers as that doesn't contain a description either, see here:

[Ryuno-Ki]

HTTP Headers starting with X- are proprietary. However, the convention was dropped a few years ago as you can find explained in https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers (which links to different RFCs)

[Ryuno-Ki]

I was curious and did some digging.
It seems to be a relict from the early days of jQuery to indicate AJAX request (vs. normal requests) to allow the server to act differently (this, the value of „XMLHttpRequest” - or XHR as it is known in the JavaScript world).

In 2012, there were thoughts about dropping it from Angular.js. They cite CORS-problems caused by it (and interop with Ruby on Rails). That might give you some more hints.

Lastly, you might find it within requests caused by Android's WebView: https://www.stoutner.com/the-x-requested-with-header/ (not sure, whether this still holds true today).

Hope that helps :-)

[summercms]

Thanks for the links, you pretty much said what I thinking as well.

I found lots of github repo's adding it when they were using XMLHttpRequest citing CORS.

I started searching this header as it was in our parser software for Android's WebView ID's.

I'm just going through a bunch of x-headers checking to see what they do and if any pose a security risk, this one seems to be fine left alone.

I thought I'd mention the blank info in mdn, to make you guys aware.

[ghost]

There are more broken or dead links on this page.

website of the HTTP working group
Viewport-Width
Width
character encodings
Max-Forwards
COEP
COOP
CORP
Origin-Isolation
X-Download-Options
MS Edge bug
X-Permitted-Cross-Domain-Policies
X-Powered-By
Last-Event-ID
Ping-From
Ping-To
Report-To
Sec-WebSocket-Key
Sec-WebSocket-Extensions
Sec-WebSocket-Protocol
Sec-WebSocket-Version
Accept-Push-Policy
Accept-Signature
Push-Policy
Signature
Signed-Headers
Service-Worker-Allowed
X-Firefox-Spdy
X-Pingback
X-Requested-With
X-Robots-Tag
X-UA-Compatible

[Ryuno-Ki]

@Torhuo Thanks for catching

@chrisdavidmills Shall we open a PR citing this one? (Likely not „closes 1506” as commit message)
Or would it need to become a new issue (for easier search)

[chrisdavidmills]

@Ryuno-Ki It would be good to have one issue for any links that are actually broken (i.e. the linked page exists, but the link does not point to the right place, we could use this issue), and then create a number of issues for the pages that don't exist:

• 1 tracking [meta] issue that groups together the need for creating missing HTTP header pages, with a checkbox list of all the ones to create (so we can check them off as they are done), and other supporting info such as how to create each page.
• A separate issue for each page that needs creating as part of this.

We could then submit this potential work for review by the editorial steering committee, and then hopefully get it on the schedule to be done.

[sideshowbarker]

Essentially a duplicate of #1458