; http-res.tab
;
; This table lists the known response header fields.  Here are some
; comments:
;
; Accept:
;
;	Typo for Allow (Server: Commerce-Builder/2.10).
;
; Accept-Ranges:
; Allow-Ranges:
; Content-Range:
;
;	We cannot implement content filtering with ranges as we do not
;	see the context.  For instance, "<APPLET>" could be split into
;	two requests which could be separated by weeks.
;
;
; Content-Type:
;
;	Duplicates are handled specially by hh_res_ct_type, therefore
;	the H_MULTI flag is set here.
;
; Connection:
; Keep-Alive:
;
;	For now, we support only one request per connection.
;
; Content-Encoding:
;
;	The response is rejected if a Content-Encoding is given for
;	HTML as filtering HTML would require uncompressing the body.
;	We could run gunzip or uncompress.  On the other hand, not
;	allowing any content encoding ("Accept-Encoding:") is simpler.
;
; Content-Length:
;
;	As filtering HTML changes the contents, we have to drop this
;	header field.  TODO: Only drop if actually filtering HTML.
;
; Content-MD5:
;
;	As filtering HTML changes the contents, we have to drop this
;	header field.  TODO: Only drop if actually filtering HTML.
;
; Transfer-Encoding:
;
;	Decoding a `chunked' message body may require too much memory
;	or disk space.  TODO: Decode it anyway.  Not decoding it is a
;	bad idea as it lets the server split, say, "<APPLET>" into two
;	or more chunks.
;
; Content-Version:
; Derived-From:
;
;	These are non-standard header fields; dropping these won't
;	make a difference.  I don't want to parse Derived-From.
;
; Link:
; Content-Style-Type:
;
;	There are issues with style sheets and JavaScript.  For now,
;	we unconditionally drop these headers.
;
; Location:
; Content-Location:
;
;	TODO: Why do we drop these?
;
; Set-Cookie:
;
;	Either drop it or pass it, according to the configuration.
;
; URI:
;
;	This should no longer be used, see also Location.
;
; X-Pad: avoid browser bug
;
;	We remove this and reinsert it if required.

age			hh_keep		0	; HTTP/1.1 response-header
accept-ranges		hh_drop_silent	H_MULTI	; HTTP/1.1 response-header
allow-ranges		hh_drop_silent	0	; typo for "accept-ranges"?
alternates		hh_keep		0	; proposed response-header
generator		hh_keep		0	; non-std  response-header
location		hh_location	0	; HTTP/1.0 response-header
message-id		hh_keep		0	; non-std  response-header
pics-label		hh_drop_silent	H_MULTI	; non-std  response-header
proxy-authenticate	hh_keep		0	; HTTP/1.1 response-header
public			hh_keep		H_MERGE	; HTTP/1.1 response-header
refresh			hh_refresh	0	; non-std  response-header
reply-to		hh_keep		0	; non-std  response-header
retry-after		hh_keep		0	; HTTP/1.1 response-header
server			hh_keep		H_MULTI	; HTTP/1.0 response-header
set-cookie		hh_set_cookie	H_MULTI	; RFC 2109 response-header
title			hh_keep		0	; non-std  response-header
uri			hh_dangerous	H_MERGE	; deprecated
vary			hh_keep		0	; HTTP/1.1 response-header
version			hh_keep		0	; non-std  response-header
warning			hh_keep		H_MERGE	; HTTP/1.1 response-header
window-target		hh_keep		0	; non-std  response-header
www-authenticate	hh_keep		H_MERGE	; HTTP/1.0 response-header
x-cache			hh_keep		H_MULTI	; non-std  response-header
x-cache-lookup		hh_keep		0	; non-std  response-header
x-pad			hh_drop_silent	H_MULTI	; Apache   response-header

cache-control		hh_keep		H_MERGE	; HTTP/1.1 general-header
connection		hh_drop_silent	H_MERGE	; HTTP/1.1 general-header
date			hh_keep		H_DUP	; HTTP/1.0 general-header
keep-alive		hh_drop_silent	H_MERGE	; HTTP/1.1
mime-version		hh_keep		0	; HTTP/1.1 general-header
pragma			hh_pragma	H_MERGE	; HTTP/1.0 general-header
transfer-encoding	hh_tf_encoding	H_MERGE	; HTTP/1.1 general-header
upgrade			hh_keep		H_MERGE	; HTTP/1.1 general-header
via			hh_keep		H_MERGE	; HTTP/1.1 general-header

accept			hh_drop_silent	H_MULTI	; Typo
allow			hh_keep		H_MERGE	; HTTP/1.0 entity-header
content-base		hh_keep		0	; HTTP/1.1 entity-header
content-encoding	hh_res_ct_enc	H_MERGE	; HTTP/1.0 entity-header
content-language	hh_keep		H_MERGE	; HTTP/1.0 entity-header
content-length		hh_res_ct_len	0	; HTTP/1.0 entity-header
content-location	hh_dangerous	0	; HTTP/1.1 entity-header
content-md5		hh_drop_silent	0	; HTTP/1.1 entity-header
content-range		hh_ct_range	0	; HTTP/1.1 entity-header
content-type		hh_res_ct_type	H_MULTI	; HTTP/1.0 entity-header
content-version		hh_drop_silent	0	; non-std  entity-header
derived-from		hh_drop_silent	0	; non-std  entity-header
etag			hh_keep		0	; HTTP/1.1 entity-header
expires			hh_keep		H_MULTI	; HTTP/1.0 entity-header
last-modified		hh_keep		0	; HTTP/1.0 entity-header
link			hh_drop_silent	H_MERGE	; HTML 4.0 (TODO)
content-style-type	hh_drop_silent	H_MERGE	; HTML 4.0 (TODO)
content-transfer-encoding hh_cte	0	; MIME
security-scheme		hh_keep         0       ; HTTP/1.1 response-header
proxy-connection	hh_drop_silent  H_MERGE ; Squid    response-header
x-squid-error 		hh_keep		H_MERGE ; Squid    response-header
dav			hh_keep		0	; Subversion
status-uri		hh_keep		0	; Subversion