This schema was originally developed by [NAME] at [COMPANY]. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.

HTTP_Session_Object 2.0, 04/08/2013

The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML.

Copyright (c) 2012-2013, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.

The HTTP_Session object is intended to capture the HTTP requests and responses made on a single HTTP session.

The HTTPSessionObjectType captures the details of an HTTP session. The HTTP_Request_Response field specifies a single HTTP request/response pair; it may be repeated, once per pair exchanged on the session.

The HTTPRequestResponseType captures a single HTTP request/response pair. The HTTP_Client_Request field specifies the HTTP client request portion of the pair. The HTTP_Server_Response field specifies the HTTP server response portion of the pair.

The HTTPClientRequestType captures the details of an HTTP client request. The HTTP_Request_Line field specifies the HTTP request line of the client request. The HTTP_Request_Header field specifies the HTTP header fields found in the client request.
The HTTP_Message_Body field specifies the optional message body that may be included in the HTTP client request.

The HTTPServerResponseType captures the details of an HTTP server response. The HTTP_Status_Line field captures the status line returned as part of the server response. The HTTP_Response_Header field captures the HTTP header returned as part of the server response. The HTTP_Message_Body field captures the HTTP message body returned as part of the server response.

The HTTPRequestLineType captures a single HTTP request line. The HTTP_Method field captures the HTTP method portion of the request line. The Value field captures the value (typically a resource path) portion of the request line. The Version field captures the HTTP version portion of the request line.

The HTTPRequestHeaderType captures the raw or parsed header of an HTTP request. The Raw_Header field captures the HTTP request header as a raw, un-parsed string. The Parsed_Header field captures the HTTP request header as a set of parsed HTTP header fields. Keeping the raw form alongside the parsed one matters when the artifact of interest is something a parser normalizes away, such as header casing, ordering, or whitespace.

The HTTPRequestHeaderFieldsType captures parsed HTTP request header fields. The Accept field specifies the HTTP Request Accept header field, which defines the content types that are acceptable. The Accept-Charset field specifies the HTTP Request Accept-Charset header field, which defines the character sets that are acceptable. The Accept-Language field specifies the HTTP Request Accept-Language header field, which defines the acceptable languages for the response. The Accept-Datetime field specifies the HTTP Request Accept-Datetime header field, which defines the acceptable version time of the resource (used by the Memento framework to request a past version). The Accept-Encoding field specifies the HTTP Request Accept-Encoding header field, which defines the acceptable content encodings. The Authorization field specifies the HTTP Request Authorization header field, which carries the authentication credentials for use in HTTP authentication.
The Cache-Control field specifies the HTTP Request Cache-Control header field, which defines the directives that MUST be obeyed by all caching mechanisms along the request/response chain. The Connection field specifies the HTTP Request Connection header field, which defines the type of connection that the user agent would prefer. The Cookie field specifies the HTTP Request Cookie header field, which carries the HTTP cookie(s) previously set by the server via Set-Cookie. The Content-Length field specifies the HTTP Request Content-Length header field, which defines the length of the request body in octets. The Content-MD5 field specifies the HTTP Request Content-MD5 header field, which defines a Base64-encoded binary MD5 sum of the request body. The Content-Type field specifies the HTTP Request Content-Type header field, which defines the MIME type of the request body (used with POST and PUT requests). The Date field specifies the HTTP Request Date header field, which defines the date and time that the message was sent. The Expect field specifies the HTTP Request Expect header field, which defines the particular server behaviors that are required by the client. The From field specifies the HTTP Request From header field, which defines the email address of the user making the request. The Host field specifies the HTTP Request Host header field, which defines the domain name of the server and the TCP port number on which the server is listening. The If-Match field specifies the HTTP Request If-Match header field, which allows the action to be performed only if the client-supplied entity matches the same entity on the server. The If-Modified-Since field specifies the HTTP Request If-Modified-Since header field, which allows a 304 Not Modified response to be returned if the content is unchanged since the given date/time.
The If-None-Match field specifies the HTTP Request If-None-Match header field, which allows the action to be performed only if the client-supplied entity does not match the same entity on the server. The If-Range field specifies the HTTP Request If-Range header field, which allows the client to request the part(s) of the entity that it is missing, or otherwise the whole new entity. The If-Unmodified-Since field specifies the HTTP Request If-Unmodified-Since header field, which allows a response to be sent only if the entity has not been modified since the given date/time. The Max-Forwards field specifies the HTTP Request Max-Forwards header field, which defines the maximum number of times the message can be forwarded through proxies or gateways. The Pragma field specifies the HTTP Request Pragma header field, which defines implementation-specific directives that may have various effects anywhere along the request/response chain. The Proxy-Authorization field specifies the HTTP Request Proxy-Authorization header field, which carries the authorization credentials for connecting to a proxy. The Range field specifies the HTTP Request Range header field, which defines the range, in bytes, for requesting only part of an entity (bytes are numbered from 0). The Referer field specifies the HTTP Request Referer header field, which defines the address of the previous web page from which a link to the currently requested page was followed. The TE field specifies the HTTP Request TE header field, which defines the transfer encodings the user agent is willing to accept. The User-Agent field specifies the HTTP Request User-Agent header field, which carries the user agent string of the user agent. The Via field specifies the HTTP Request Via header field, which lists any proxies through which the request was sent. The Warning field specifies the HTTP Request Warning header field, which defines any general warnings about possible problems with the entity body.
The DNT field specifies the non-standard HTTP Request DNT header field, which is typically used to request that a web application disable its tracking of the user. The X-Requested-With field specifies the non-standard HTTP Request X-Requested-With header field, which is typically used to identify Ajax requests. The X-Forwarded-For field specifies the non-standard HTTP Request X-Forwarded-For header field, which is typically used to identify the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. Because any client or intermediary can set this field, its value is untrusted unless the nearest proxy is known to overwrite it. The X-ATT-DeviceId field specifies the non-standard HTTP Request X-ATT-DeviceId header field, which is typically used to identify the make, model, and firmware of AT&T devices. The X-Wap-Profile field specifies the non-standard HTTP Request X-Wap-Profile header field, which is typically used to link to an XML file on the Internet with a full description and details about the device currently connecting.

The HTTPResponseHeaderType captures the raw or parsed header of an HTTP response. The Raw_Header field captures the HTTP response header as a raw, un-parsed string. The Parsed_Header field captures the HTTP response header as a set of parsed HTTP header fields.

The HTTPResponseHeaderFieldsType captures parsed HTTP response header fields. The Access-Control-Allow-Origin field specifies the HTTP Response Access-Control-Allow-Origin header field, which defines which web sites can participate in cross-origin resource sharing. The Accept-Ranges field specifies the HTTP Response Accept-Ranges header field, which defines the partial content range types this server supports. The Age field specifies the HTTP Response Age header field, which defines the time, in seconds, that the object has been in a proxy cache. The Cache-Control field specifies the HTTP Response Cache-Control header field, which tells all caching mechanisms from server to client whether they may cache this object.
The Connection field specifies the HTTP Response Connection header field, which specifies the options that are desired for the connection. The Content-Encoding field specifies the HTTP Response Content-Encoding header field, which defines the type of encoding used on the data. The Content-Language field specifies the HTTP Response Content-Language header field, which defines the language the content is in. The Content-Length field specifies the HTTP Response Content-Length header field, which defines the length of the response body in octets. The Content-Location field specifies the HTTP Response Content-Location header field, which defines an alternate location for the returned data. The Content-MD5 field specifies the HTTP Response Content-MD5 header field, which defines the Base64-encoded binary MD5 sum of the content of the response. The Content-Disposition field specifies the HTTP Response Content-Disposition header field, which provides a means for the origin server to suggest a default filename if the user requests that the content be saved to a file. The Content-Range field specifies the HTTP Response Content-Range header field, which defines where in the full body message the partial message belongs. The Content-Type field specifies the HTTP Response Content-Type header field, which defines the MIME type of the content. The Date field specifies the HTTP Response Date header field, which defines the date and time that the message was sent. The ETag field specifies the HTTP Response ETag header field, which defines an identifier for a specific version of a resource, often a message digest. The Expires field specifies the HTTP Response Expires header field, which defines the date/time after which the response is considered stale. The Last-Modified field specifies the HTTP Response Last-Modified header field, which defines the last-modified date/time of the requested object, in HTTP-date (RFC 1123) format.
The Link field specifies the HTTP Response Link header field, which defines a typed relationship with another resource, where the relation type is defined by RFC 5988. The Location field specifies the HTTP Response Location header field, which defines the location used in redirection, or when a new resource has been created. The P3P field specifies the HTTP Response P3P header field, which sets the P3P policy to be used by the browser. The Pragma field specifies the HTTP Response Pragma header field, which defines implementation-specific directives that may have various effects anywhere along the request/response chain. The Proxy-Authenticate field specifies the HTTP Response Proxy-Authenticate header field, which defines the type of authentication necessary to access the proxy. The Refresh field specifies the HTTP Response Refresh header field, which specifies an interval, in seconds, after which the current page should be refreshed. The Retry-After field specifies the HTTP Response Retry-After header field, which defines the period, in seconds, after which the client should try again if an entity is temporarily unavailable. The Server field specifies the HTTP Response Server header field, which defines a name for the responding server. The Set-Cookie field specifies the HTTP Response Set-Cookie header field, which sets an HTTP cookie. The Strict-Transport-Security field specifies the HTTP Response Strict-Transport-Security header field, which defines the HSTS policy informing the HTTP client how long to cache the HTTPS-only policy and whether it applies to subdomains. The Trailer field specifies the HTTP Response Trailer header field, which indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding. The Transfer-Encoding field specifies the HTTP Response Transfer-Encoding header field, which defines the form of encoding used to safely transfer the entity to the user.
The Vary field specifies the HTTP Response Vary header field, which informs downstream proxies how to match future request headers when deciding whether a cached response can be used rather than requesting a fresh one from the origin server. The Via field specifies the HTTP Response Via header field, which informs the client of the proxies through which the response was sent. The Warning field specifies the HTTP Response Warning header field, which defines any general warnings about possible problems with the entity body. The WWW-Authenticate field specifies the HTTP Response WWW-Authenticate header field, which defines the authentication scheme that should be used to access the requested entity. The X-Frame-Options field specifies the non-standard HTTP Response X-Frame-Options header field, which is used as a form of clickjacking protection, supporting no rendering within a frame (DENY) and no rendering if the framing origin does not match (SAMEORIGIN). The X-XSS-Protection field specifies the non-standard HTTP Response X-XSS-Protection header field, which controls the browser's cross-site scripting (XSS) filter. The X-Content-Type-Options field specifies the non-standard HTTP Response X-Content-Type-Options header field, which supports the 'nosniff' parameter to prevent MIME-sniffing of a response away from the declared content type. The X-Forwarded-Proto field specifies the non-standard HTTP Response X-Forwarded-Proto header field, which identifies the originating protocol of an HTTP request. The X-Powered-By field specifies the non-standard HTTP Response X-Powered-By header field, which specifies the technology supporting the web application running on the server. The X-UA-Compatible field specifies the non-standard HTTP Response X-UA-Compatible header field, which is used to recommend the preferred rendering engine to use to display the content.

The HTTPMessageType captures a single HTTP message body and its length. The Length field captures the length of the HTTP message body, in bytes. The Message_Body field captures the data contained in the HTTP message body.
The HTTPStatusLineType captures a single HTTP response status line. The Version field captures the HTTP version portion of the status line. The Status_Code field captures the HTTP status code portion of the status line. The Reason_Phrase field captures the HTTP reason phrase portion of the status line.

The HostFieldType captures the details of the HTTP request Host header field. The Domain_Name field specifies the domain name of the server. The Port field specifies the TCP port number on which the server is listening.

The HTTPMethodType specifies HTTP method types, via a union of the HTTPMethodEnum type and the atomic xs:string type, so a method outside the enumeration can still be recorded as a plain string. Its base type is the CybOX Common BaseObjectPropertyType, which permits complex (i.e. regular-expression based) specifications. This attribute is optional and specifies the expected type for the value of the specified property. The HTTPMethodEnum is an enumeration of HTTP method types.
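As an added example (not code from the CybOX project or from the python-cybox library), the following Python parses one captured request/response pair into the structure laid out above: the request line as method, value and version; the header kept both as its raw string and as parsed fields; the message body with its length; the status line; and the Host value split into HostFieldType's domain name and port. The sample capture, the member list assumed for HTTPMethodEnum and every function name are this example's own; the mapping of the result onto the XSD element names is not shown.

```python
"""Parse one captured HTTP request/response pair into the structure the CybOX
HTTP_Session object describes. Added example; the sample capture is constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed HTTPMethodEnum members; the schema unions the enum with xs:string, so
# an unlisted method is kept and merely flagged rather than rejected.
HTTP_METHOD_ENUM = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "OPTIONS", "CONNECT", "PATCH"}

@dataclass
class HTTPRequestLine:          # HTTPRequestLineType
    method: str
    value: str                  # typically the resource path
    version: str
    method_in_enum: bool

@dataclass
class HTTPHeader:               # HTTPRequestHeaderType / HTTPResponseHeaderType
    raw_header: str             # Raw_Header: the un-parsed header block
    parsed_header: Dict[str, str]   # Parsed_Header: lower-cased name -> value

@dataclass
class HTTPMessage:              # HTTPMessageType
    length: int
    message_body: bytes

@dataclass
class HTTPStatusLine:           # HTTPStatusLineType
    version: str
    status_code: int
    reason_phrase: str

@dataclass
class HostField:                # HostFieldType
    domain_name: str
    port: int

def _split_message(raw: bytes) -> Tuple[str, str, bytes]:
    """Split a raw message into start line, header block and body at CRLFCRLF."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("message has no end-of-header CRLFCRLF")
    start, _, header_block = head.decode("iso-8859-1").partition("\r\n")
    return start, header_block, body

def parse_header_fields(header_block: str) -> Dict[str, str]:
    """Parse 'Name: value' lines; repeats join with ', ' (RFC 7230), except a
    conflicting Content-Length, which is a request-smuggling signal and is rejected."""
    fields: Dict[str, str] = {}
    for line in filter(None, header_block.split("\r\n")):
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():   # no whitespace before ':'
            raise ValueError(f"malformed header line {line!r}")
        name, value = name.lower(), value.strip()
        if name in fields:
            if name == "content-length" and fields[name] != value:
                raise ValueError("conflicting Content-Length values")
            value = fields[name] + ", " + value
        fields[name] = value
    return fields

def parse_host(value: str, default_port: int = 80) -> HostField:
    """Split a Host value into HostFieldType's Domain_Name and Port."""
    if value.startswith("["):                             # IPv6 literal, e.g. [::1]:8080
        name, _, rest = value[1:].partition("]")
        return HostField(name, int(rest[1:]) if rest.startswith(":") else default_port)
    name, sep, port = value.rpartition(":")
    return HostField(name, int(port)) if sep and port.isdigit() else HostField(value, default_port)

def _body(fields: Dict[str, str], body: bytes) -> Optional[HTTPMessage]:
    """HTTPMessageType from the bytes after the header block (Content-Length framing only)."""
    if "content-length" in fields:
        n = int(fields["content-length"])
        if len(body) < n:
            raise ValueError(f"body truncated: {len(body)} of {n} bytes")
        body = body[:n]
    return HTTPMessage(len(body), body) if body else None

def parse_request(raw: bytes) -> dict:
    """HTTPClientRequestType: request line, header, Host field, optional body."""
    start, header_block, body = _split_message(raw)
    method, value, version = start.split(" ", 2)
    fields = parse_header_fields(header_block)
    return {"request_line": HTTPRequestLine(method, value, version, method in HTTP_METHOD_ENUM),
            "request_header": HTTPHeader(header_block, fields),
            "host": parse_host(fields["host"]) if "host" in fields else None,
            "message_body": _body(fields, body)}

def parse_response(raw: bytes) -> dict:
    """HTTPServerResponseType: status line, header, optional body."""
    start, header_block, body = _split_message(raw)
    version, code, reason = (start.split(" ", 2) + [""])[:3]
    fields = parse_header_fields(header_block)
    return {"status_line": HTTPStatusLine(version, int(code), reason),
            "response_header": HTTPHeader(header_block, fields),
            "message_body": _body(fields, body)}

# Constructed sample capture (not real traffic); one HTTP_Request_Response pair.
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\nHost: www.example.com:8443\r\nUser-Agent: Mozilla/5.0\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n"
                  b"X-Forwarded-For: 203.0.113.7\r\n\r\nuser=alice&password=hunter2")
SAMPLE_RESPONSE = (b"HTTP/1.1 302 Found\r\nServer: nginx\r\nSet-Cookie: session=abc123; HttpOnly; Secure\r\n"
                   b"Location: /home\r\nContent-Length: 0\r\n\r\n")
```

Calling parse_request(SAMPLE_REQUEST) and parse_response(SAMPLE_RESPONSE) yields the two halves of one HTTP_Request_Response pair. Two choices are deliberate: header names are lower-cased in the parsed dictionary while the raw header keeps the captured text verbatim, which is the split the Raw_Header and Parsed_Header fields exist for; and a repeated Content-Length with a different value is refused rather than merged, because that ambiguity is exactly what request-smuggling attacks exploit, so an analyst wants it preserved as an error rather than silently resolved. Chunked transfer coding is not decoded here.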