author Peter Bengtsson <mail@peterbe.com> 2020-12-08 14:43:23 -0500
committer Peter Bengtsson <mail@peterbe.com> 2020-12-08 14:43:23 -0500
commit 218934fa2ed1c702a6d3923d2aa2cc6b43c48684 (patch)
tree a9ef8ac1e1b8fe4207b6d64d3841bfb8990b6fd0 /files/zh-tw/web/http/headers
parent 074785cea106179cb3305637055ab0a009ca74f2 (diff)
initial commit
Diffstat (limited to 'files/zh-tw/web/http/headers')
-rw-r--r-- files/zh-tw/web/http/headers/accept/index.html 92
-rw-r--r-- files/zh-tw/web/http/headers/dnt/index.html 83
-rw-r--r-- files/zh-tw/web/http/headers/index.html 360
-rw-r--r-- files/zh-tw/web/http/headers/server/index.html 73
-rw-r--r-- files/zh-tw/web/http/headers/strict-transport-security/index.html 110
-rw-r--r-- files/zh-tw/web/http/headers/user-agent/index.html 146
-rw-r--r-- files/zh-tw/web/http/headers/x-forwarded-for/index.html 74
-rw-r--r-- files/zh-tw/web/http/headers/x-frame-options/index.html 146
8 files changed, 1084 insertions, 0 deletions
diff --git a/files/zh-tw/web/http/headers/accept/index.html b/files/zh-tw/web/http/headers/accept/index.html
new file mode 100644
index 0000000000..e0544a0bc6
--- /dev/null
+++ b/files/zh-tw/web/http/headers/accept/index.html
@@ -0,0 +1,92 @@
+---
+title: Accept
+slug: Web/HTTP/Headers/Accept
+translation_of: Web/HTTP/Headers/Accept
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><strong><code>Accept</code></strong> HTTP 請求標頭(以 <a href="/zh-TW/docs/Web/HTTP/Basics_of_HTTP/MIME_types">MIME type</a> 標示)會對伺服器告知用戶端可解讀的內容類型。伺服器可以透過 <a href="/zh-TW/docs/Web/HTTP/Content_negotiation">content negotiation</a> 來選用可行的協定,並以 {{HTTPHeader("Content-Type")}} 標頭告知用戶端。針對本標頭,瀏覽器可以根據完成請求的脈絡,來決定適合的數值:像是擷取 CSS 時,給予的值就會和圖片、影像、腳本不一樣。</p>
+
+<table class="properties">
+ <tbody>
+ <tr>
+ <th scope="row">標頭類型</th>
+ <td>{{Glossary("Request header")}}</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("Forbidden header name")}}</th>
+ <td>no</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("CORS-safelisted request header")}}</th>
+ <td>yes, with the additional restriction that values can't contain a <em>CORS-unsafe request header byte</em>: <code>"():&lt;&gt;?@[\]{}</code>, Delete, Tab and control characters: 0x00 to 0x19.</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="語法">語法</h2>
+
+<pre class="syntaxbox">Accept: &lt;MIME_type&gt;/&lt;MIME_subtype&gt;
+Accept: &lt;MIME_type&gt;/*
+Accept: */*
+
+// Multiple types, weighted with the {{glossary("quality values", "quality value")}} syntax:
+Accept: text/html, application/xhtml+xml, application/xml;q=0.9, image/webp, */*;q=0.8
+</pre>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt><code>&lt;MIME_type&gt;/&lt;MIME_subtype&gt;</code></dt>
+ <dd>一個精確的 <a href="/zh-TW/docs/Web/HTTP/Basics_of_HTTP/MIME_types">MIME type</a>,例如<code>text/html</code>。</dd>
+ <dt><code>&lt;MIME_type&gt;/*</code></dt>
+ <dd>一個不指定子類的 MIME type。<code>image/*</code> 會配對到 <code>image/png</code>, <code>image/svg</code>, <code>image/gif</code> 和等圖片類型。</dd>
+ <dt><code>*/*</code></dt>
+ <dd>所有 MIME type</dd>
+ <dt><code>;q=</code> (q-factor weighting)</dt>
+ <dd>Any value used is placed in an order of preference expressed using relative <a href="/en-US/docs/Glossary/Quality_values">quality value</a> called the <em>weight</em>.</dd>
+</dl>
+
+<h2 id="示例">示例</h2>
+
+<pre>Accept: text/html
+
+Accept: image/*
+
+// General default
+Accept: */*
+
+// Default for navigation requests
+Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
+</pre>
+
+<h2 id="規範">規範</h2>
+
+<table class="standard-table">
+ <thead>
+ <tr>
+ <th scope="col">規範</th>
+ <th scope="col">標題</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>{{RFC("7231", "Accept", "5.3.2")}}</td>
+ <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Context</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http.headers.Accept")}}</p>
+
+<h2 id="參見">參見</h2>
+
+<ul>
+ <li>HTTP <a href="/zh-TW/docs/Web/HTTP/Content_negotiation">content negotiation</a></li>
+ <li>Header with the result of the content negotiation: {{HTTPHeader("Content-Type")}}</li>
+ <li>類似標頭:{{HTTPHeader("TE")}}, {{HTTPHeader("Accept-Encoding")}}, {{HTTPHeader("Accept-Charset")}}, {{HTTPHeader("Accept-Language")}}</li>
+</ul>
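Review bot: In the CORS-safelisted request header row, the control-character range reads "0x00 to 0x19", but the C0 control characters run through 0x1F, so 0x1A to 0x1F are left unaccounted for; check the range against the Fetch definition of a CORS-unsafe request-header byte before anyone uses this cell as a filtering reference. In the same file, the image/* entry lists "image/svg" (the registered type is image/svg+xml) and ends in the broken phrase "和等圖片類型", the ";q=" definition and the safelist cell are still in English, and the RFC 7231 title is given as "Semantics and Context" where the RFC is titled "Semantics and Content".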
diff --git a/files/zh-tw/web/http/headers/dnt/index.html b/files/zh-tw/web/http/headers/dnt/index.html
new file mode 100644
index 0000000000..81c152f6a5
--- /dev/null
+++ b/files/zh-tw/web/http/headers/dnt/index.html
@@ -0,0 +1,83 @@
+---
+title: DNT
+slug: Web/HTTP/Headers/DNT
+translation_of: Web/HTTP/Headers/DNT
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><strong><code>DNT</code></strong>(<strong>D</strong>o <strong>N</strong>ot <strong>T</strong>rack,<strong>請勿追蹤</strong>)請求標頭表明用戶針對追蹤程式的設定。它能讓用戶表達自己相較於個人化設定,更在乎個人隱私。</p>
+
+<table class="properties">
+ <tbody>
+ <tr>
+ <th scope="row">標頭類型</th>
+ <td>{{Glossary("Request header")}}</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("Forbidden header name")}}</th>
+ <td>是</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="語法">語法</h2>
+
+<pre class="syntaxbox">DNT: 0
+DNT: 1
+</pre>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt>0</dt>
+ <dd>用戶允許目標網站追蹤之。</dd>
+ <dt>1</dt>
+ <dd>用戶不允許目標網站追蹤。</dd>
+</dl>
+
+<h2 id="示例">示例</h2>
+
+<h3 id="請參考_JavaScript_的_Do_Not_Track">請參考 JavaScript 的 Do Not Track</h3>
+
+<p>用戶的 DNT 設定也能透過 JavaScript 的 {{domxref("Navigator.doNotTrack")}} 設定檢查:</p>
+
+<pre class="brush: js">navigator.doNotTrack; // "0" or "1"</pre>
+
+<h2 id="規範">規範</h2>
+
+<table class="standard-table">
+ <tbody>
+ <tr>
+ <th scope="col">規範</th>
+ <th scope="col">狀態</th>
+ <th scope="col">註解</th>
+ </tr>
+ <tr>
+ <td>{{SpecName('Tracking','#dnt-header-field', 'DNT Header Field for HTTP Requests')}}</td>
+ <td>{{Spec2("Tracking")}}</td>
+ <td>初始定義</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http.headers.DNT")}}</p>
+
+<h2 id="參見">參見</h2>
+
+<ul>
+ <li>{{domxref("Navigator.doNotTrack")}}</li>
+ <li>{{HTTPHeader("Tk")}} 標頭</li>
+ <li>維基百科的<a href="https://zh.wikipedia.org/zh-tw/%E8%AF%B7%E5%8B%BF%E8%BF%BD%E8%B8%AA">Do Not Track </a></li>
+ <li><a href="https://www.eff.org/deeplinks/2011/02/what-does-track-do-not-track-mean">What Does the "Track" in "Do Not Track" Mean? – EFF</a></li>
+ <li><a href="http://donottrack.us/">donottrack.us</a></li>
+ <li>瀏覽器設定 DNT 的幫助:
+ <ul>
+ <li><a href="https://www.mozilla.org/zh-tw/firefox/dnt/">Firefox</a></li>
+ <li><a href="https://support.google.com/chrome/answer/2790761">Chrome</a></li>
+ </ul>
+ </li>
+</ul>
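Review bot: The comment on the navigator.doNotTrack example says the value is "0" or "1", and the syntax section lists only those two values, so nothing tells the reader that a user may have expressed no preference at all (header absent, property not one of the two strings); say so, because code that treats anything other than "1" as consent to tracking will misread that case. The h3 above the example, "請參考 JavaScript 的 Do Not Track", reads as "see JavaScript's Do Not Track" while the paragraph under it describes reading the setting from JavaScript. The "Forbidden header name" cell uses 是 here but "no" in accept/index.html; pick one form for the whole directory.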
diff --git a/files/zh-tw/web/http/headers/index.html b/files/zh-tw/web/http/headers/index.html
new file mode 100644
index 0000000000..f2206c0e39
--- /dev/null
+++ b/files/zh-tw/web/http/headers/index.html
@@ -0,0 +1,360 @@
+---
+title: HTTP headers
+slug: Web/HTTP/Headers
+tags:
+ - HTTP
+ - Headers
+ - NeedsTranslation
+ - Networking
+ - Reference
+ - TopicStub
+translation_of: Web/HTTP/Headers
+---
+<div>{{HTTPSidebar}}</div>
+
+<p>HTTP headers allow the client and the server to pass additional information with the request or the response. A request header consists of its case-insensitive name followed by a colon '<code>:</code>', then by its value (without line breaks). Leading white space before the value is ignored.</p>
+
+<p>Custom proprietary headers can be added using the 'X-' prefix, but this convention was deprecated in June 2012, because of the inconveniences it caused when non-standard fields became standard in <a href="https://tools.ietf.org/html/rfc6648">RFC 6648</a>; others are listed in an <a class="external" href="http://www.iana.org/assignments/message-headers/perm-headers.html">IANA registry</a>, whose original content was defined in <a class="external" href="http://tools.ietf.org/html/rfc4229">RFC 4229</a>. IANA also maintains a <a class="external" href="http://www.iana.org/assignments/message-headers/prov-headers.html">registry of proposed new HTTP message headers</a>.</p>
+
+<p>Headers can be grouped according to their contexts:</p>
+
+<ul>
+ <li>{{Glossary("General header")}}: Headers applying to both requests and responses but with no relation to the data eventually transmitted in the body.</li>
+ <li>{{Glossary("Request header")}}: Headers containing more information about the resource to be fetched or about the client itself.</li>
+ <li>{{Glossary("Response header")}}: Headers with additional information about the response, like its location or about the server itself (name and version etc.).</li>
+ <li>{{Glossary("Entity header")}}: Headers containing more information about the body of the entity, like its content length or its MIME-type.</li>
+</ul>
+
+<p>Headers can also be grouped according to how proxies handle them:</p>
+
+<dl>
+ <dt><a id="e2e" name="e2e"></a>End-to-end headers</dt>
+ <dd>These headers must be transmitted to the final recipient of the message; that is, the server for a request or the client for a response. Intermediate proxies must retransmit end-to-end headers unmodified and caches must store them.</dd>
+ <dt><a id="hbh" name="hbh"></a>Hop-by-hop headers</dt>
+ <dd>These headers are meaningful only for a single transport-level connection and must not be retransmitted by proxies or cached. Such headers are: {{ httpheader("Connection") }}, {{ httpheader("Keep-Alive") }}, {{ httpheader("Proxy-Authenticate") }}, {{ httpheader("Proxy-Authorization") }}, {{ httpheader("TE") }}, {{ httpheader("Trailer") }}, {{ httpheader("Transfer-Encoding") }} and {{ httpheader("Upgrade") }}. Note that only hop-by-hop headers may be set using the {{ httpheader("Connection") }} general header.</dd>
+</dl>
+
+<p>The following list summaries HTTP headers by their usage category. For an alphabetical list, see the navigation on the left side.</p>
+
+<h2 id="Authentication">Authentication</h2>
+
+<dl>
+ <dt>{{HTTPHeader("WWW-Authenticate")}}</dt>
+ <dd>Defines the authentication method that should be used to gain access to a resource.</dd>
+ <dt>{{HTTPHeader("Authorization")}}</dt>
+ <dd>Contains the credentials to authenticate a user agent with a server.</dd>
+ <dt>{{HTTPHeader("Proxy-Authenticate")}}</dt>
+ <dd>Defines the authentication method that should be used to gain access to a resource behind a Proxy server.</dd>
+ <dt>{{HTTPHeader("Proxy-Authorization")}}</dt>
+ <dd>Contains the credentials to authenticate a user agent with a proxy server.</dd>
+</dl>
+
+<h2 id="Caching">Caching</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Age")}}</dt>
+ <dd>The time in seconds the object has been in a proxy cache.</dd>
+ <dt>{{HTTPHeader("Cache-Control")}}</dt>
+ <dd>Specifies directives for caching mechanisms in both, requests and responses.</dd>
+ <dt>{{HTTPHeader("Expires")}}</dt>
+ <dd>The date/time after which the response is considered stale.</dd>
+ <dt>{{HTTPHeader("Pragma")}}</dt>
+ <dd>Implementation-specific header that may have various effects anywhere along the request-response chain. Used for backwards compatibility with HTTP/1.0 caches where the <code>Cache-Control</code> header is not yet present.</dd>
+ <dt>{{HTTPHeader("Warning")}}</dt>
+ <dd>A general warning field containing information about possible problems.</dd>
+</dl>
+
+<h2 id="Client_hints">Client hints</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Accept-CH")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Content-DPR")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("DPR")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Downlink")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Save-Data")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Viewport-Width")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Width")}}</dt>
+ <dd>...</dd>
+</dl>
+
+<dl>
+ <dt>
+ <h2 id="Conditionals">Conditionals</h2>
+ </dt>
+ <dt>{{HTTPHeader("Last-Modified")}}</dt>
+ <dd>It is a validator, the last modification date of the resource, used to compare several versions of the same resource. It is less accurate than {{HTTPHeader("ETag")}}, but easier to calculate in some environments. Conditional requests using {{HTTPHeader("If-Modified-Since")}} and {{HTTPHeader("If-Unmodified-Since")}} use this value to change the behavior of the request.</dd>
+ <dt>{{HTTPHeader("ETag")}}</dt>
+ <dd>It is a validator, a unique string identifying the version of the resource. Conditional requests using {{HTTPHeader("If-Match")}} and {{HTTPHeader("If-None-Match")}} use this value to change the behavior of the request.</dd>
+ <dt>{{HTTPHeader("If-Match")}}</dt>
+ <dd>Makes the request conditional and applies the method only if the stored resource matches one of the given ETags.</dd>
+ <dt>{{HTTPHeader("If-None-Match")}}</dt>
+ <dd>Makes the request conditional and applies the method only if the stored resource doesn't match any of the given ETags. This is used to update caches (for safe requests), or to prevent to upload a new resource when one is already existing.</dd>
+ <dt>{{HTTPHeader("If-Modified-Since")}}</dt>
+ <dd>Makes the request conditional and expects the entity to be transmitted only if it has been modified after the given date. This is used to transmit data only when the cache is out of date.</dd>
+ <dt>{{HTTPHeader("If-Unmodified-Since")}}</dt>
+ <dd>Makes the request conditional and expects the entity to be transmitted only if it has not been modified after the given date. This is used to ensure the coherence of a new fragment of a specific range with previous ones, or to implement an optimistic concurrency control system when modifying existing documents.</dd>
+</dl>
+
+<h2 id="Connection_management">Connection management</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Connection")}}</dt>
+ <dd>Controls whether or not the network connection stays open after the current transaction finishes.</dd>
+ <dt>{{HTTPHeader("Keep-Alive")}}</dt>
+ <dd>Controls how long a persistent connection should stay open.</dd>
+</dl>
+
+<h2 id="Content_negotiation">Content negotiation</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Accept")}}</dt>
+ <dd>Informs the server about the types of data that can be sent back. It is MIME-type.</dd>
+ <dt>{{HTTPHeader("Accept-Charset")}}</dt>
+ <dd>Informs the server about which character set the client is able to understand.</dd>
+ <dt>{{HTTPHeader("Accept-Encoding")}}</dt>
+ <dd>Informs the server about the encoding algorithm, usually a compression algorithm, that can be used on the resource sent back.</dd>
+ <dt>{{HTTPHeader("Accept-Language")}}</dt>
+ <dd>Informs the server about the language the server is expected to send back. This is a hint and is not necessarily under the full control of the user: the server should always pay attention not to override an explicit user choice (like selecting a language in a drop down list).</dd>
+</dl>
+
+<dl>
+</dl>
+
+<h2 id="Controls">Controls</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Expect")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Max-Forwards")}}</dt>
+ <dd>...</dd>
+</dl>
+
+<h2 id="Cookies">Cookies</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Cookie")}}</dt>
+ <dd>Contains stored <a href="/en-US/docs/Web/HTTP/Cookies">HTTP cookies</a> previously sent by the server with the {{HTTPHeader("Set-Cookie")}} header.</dd>
+ <dt>{{HTTPHeader("Set-Cookie")}}</dt>
+ <dd>Send cookies from the server to the user agent.</dd>
+ <dt>{{HTTPHeader("Cookie2")}} {{obsolete_inline}}</dt>
+ <dd>Used to contain an HTTP cookie, previously sent by the server with the {{HTTPHeader("Set-Cookie2")}} header, but has been obsoleted by the specification. Use {{HTTPHeader("Cookie")}} instead.</dd>
+ <dt>{{HTTPHeader("Set-Cookie2")}} {{obsolete_inline}}</dt>
+ <dd>Used to send cookies from the server to the user agent, but has been obsoleted by the specification. Use {{HTTPHeader("Set-Cookie")}} instead.</dd>
+ <dt>
+ <h2 id="CORS">CORS</h2>
+ </dt>
+ <dt>{{HTTPHeader("Access-Control-Allow-Origin")}}</dt>
+ <dd>Indicates whether the response can be shared.</dd>
+ <dt>{{HTTPHeader("Access-Control-Allow-Credentials")}}</dt>
+ <dd>Indicates whether or not the response to the request can be exposed when the credentials flag is true.</dd>
+ <dt>{{HTTPHeader("Access-Control-Allow-Headers")}}</dt>
+ <dd>Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.</dd>
+ <dt>{{HTTPHeader("Access-Control-Allow-Methods")}}</dt>
+ <dd>Specifies the method or methods allowed when accessing the resource in response to a preflight request.</dd>
+ <dt>{{HTTPHeader("Access-Control-Expose-Headers")}}</dt>
+ <dd>Indicates which headers can be exposed as part of the response by listing their names.</dd>
+ <dt>{{HTTPHeader("Access-Control-Max-Age")}}</dt>
+ <dd>Indicates how long the results of a preflight request can be cached.</dd>
+ <dt>{{HTTPHeader("Access-Control-Request-Headers")}}</dt>
+ <dd>Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.</dd>
+ <dt>{{HTTPHeader("Access-Control-Request-Method")}}</dt>
+ <dd>Used when issuing a preflight request to let the server know which <a href="/en-US/docs/Web/HTTP/Methods">HTTP method</a> will be used when the actual request is made.</dd>
+ <dt>{{HTTPHeader("Origin")}}</dt>
+ <dd>Indicates where a fetch originates from.</dd>
+</dl>
+
+<h2 id="Do_Not_Track">Do Not Track</h2>
+
+<dl>
+ <dt>{{HTTPHeader("DNT")}}</dt>
+ <dd>Used for expressing the user's tracking preference.</dd>
+ <dt>{{HTTPHeader("Tk")}}</dt>
+ <dd>Indicates the tracking status that applied to the corresponding request.</dd>
+</dl>
+
+<h2 id="Downloads">Downloads</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Content-Disposition")}}</dt>
+ <dd>Is a response header if the resource transmitted should be displayed inline (default behavior when the header is not present), or it should be handled like a download and the browser should present a 'Save As' window.</dd>
+</dl>
+
+<h2 id="Message_body_information">Message body information</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Content-Length")}}</dt>
+ <dd>indicates the size of the entity-body, in decimal number of octets, sent to the recipient.</dd>
+ <dt>{{HTTPHeader("Content-Type")}}</dt>
+ <dd>Indicates the media type of the resource.</dd>
+ <dt>{{HTTPHeader("Content-Encoding")}}</dt>
+ <dd>Used to specify the compression algorithm.</dd>
+ <dt>{{HTTPHeader("Content-Language")}}</dt>
+ <dd>Describes the language(s) intended for the audience, so that it allows a user to differentiate according to the users' own preferred language.</dd>
+ <dt>{{HTTPHeader("Content-Location")}}</dt>
+ <dd>Indicates an alternate location for the returned data.</dd>
+ <dt>
+ <h2 id="Proxies">Proxies</h2>
+ </dt>
+</dl>
+
+<dl>
+ <dt>{{HTTPHeader("Forwarded")}}</dt>
+ <dd>Contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.</dd>
+ <dt>{{HTTPHeader("X-Forwarded-For")}} {{non-standard_inline}}</dt>
+ <dd>Identifies the originating IP addresses of a client connecting to a web server through an HTTP proxy or a load balancer.</dd>
+ <dt>{{HTTPHeader("X-Forwarded-Host")}} {{non-standard_inline}}</dt>
+ <dd>Identifies the original host requested that a client used to connect to your proxy or load balancer.</dd>
+ <dt>{{HTTPHeader("X-Forwarded-Proto")}} {{non-standard_inline}}</dt>
+ <dd>identifies the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer.</dd>
+ <dt>{{HTTPHeader("Via")}}</dt>
+ <dd>Added by proxies, both forward and reverse proxies, and can appear in the request headers and the response headers.</dd>
+</dl>
+
+<h2 id="Redirects">Redirects</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Location")}}</dt>
+ <dd>Indicates the URL to redirect a page to.</dd>
+</dl>
+
+<h2 id="Request_context">Request context</h2>
+
+<dl>
+ <dt>{{HTTPHeader("From")}}</dt>
+ <dd>Contains an Internet email address for a human user who controls the requesting user agent.</dd>
+ <dt>{{HTTPHeader("Host")}}</dt>
+ <dd>Specifies the domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.</dd>
+ <dt>{{HTTPHeader("Referer")}}</dt>
+ <dd>The address of the previous web page from which a link to the currently requested page was followed.</dd>
+ <dt>{{HTTPHeader("Referrer-Policy")}}</dt>
+ <dd>Governs which referrer information sent in the {{HTTPHeader("Referer")}} header should be included with requests made.</dd>
+ <dt>{{HTTPHeader("User-Agent")}}</dt>
+ <dd>Contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent. See also the <a href="/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox">Firefox user agent string reference</a>.</dd>
+</dl>
+
+<h2 id="Response_context">Response context</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Allow")}}</dt>
+ <dd>Lists the set of HTTP request methods support by a resource.</dd>
+ <dt>{{HTTPHeader("Server")}}</dt>
+ <dd>Contains information about the software used by the origin server to handle the request.</dd>
+</dl>
+
+<h2 id="Range_requests">Range requests</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Accept-Ranges")}}</dt>
+ <dd>Indicates if the server supports range requests and if so, in which unit the range can be expressed.</dd>
+ <dt>{{HTTPHeader("Range")}}</dt>
+ <dd>Indicates the part of a document that the server should return.</dd>
+ <dt>{{HTTPHeader("If-Range")}}</dt>
+ <dd>Creates a conditional range request that is only fulfilled if the given etag or date matches the remote resource. Used to prevent downloading two ranges from incompatible version of the resource.</dd>
+ <dt>{{HTTPHeader("Content-Range")}}</dt>
+ <dd>Indicates where in a full body message a partial message belongs.</dd>
+</dl>
+
+<h2 id="Security">Security</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Content-Security-Policy")}} ({{Glossary("CSP")}})</dt>
+ <dd>Controls resources the user agent is allowed to load for a given page.</dd>
+ <dt>{{HTTPHeader("Content-Security-Policy-Report-Only")}}</dt>
+ <dd>Allows web developers to experiment with policies by monitoring (but not enforcing) their effects. These violation reports consist of {{Glossary("JSON")}} documents sent via an HTTP <code>POST</code> request to the specified URI.</dd>
+ <dt>{{HTTPHeader("Public-Key-Pins")}} ({{Glossary("HPKP")}})</dt>
+ <dd>Associates a specific cryptographic public key with a certain web server to decrease the risk of {{Glossary("MITM")}} attacks with forged certificates.</dd>
+ <dt>{{HTTPHeader("Public-Key-Pins-Report-Only")}}</dt>
+ <dd>Sends reports to the report-uri specified in the header and does still allow clients to connect to the server even if the pinning is violated.</dd>
+</dl>
+
+<dl>
+ <dt>{{HTTPHeader("Strict-Transport-Security")}} ({{Glossary("HSTS")}})</dt>
+ <dd>Force communication using HTTPS instead of HTTP.</dd>
+ <dt>{{HTTPHeader("Upgrade-Insecure-Requests")}}</dt>
+ <dd>Sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the {{CSP("upgrade-insecure-requests")}} directive.</dd>
+</dl>
+
+<dl>
+ <dt>{{HTTPHeader("X-Content-Type-Options")}}</dt>
+ <dd>Disables MIME sniffing and forces browser to use the type given in {{HTTPHeader("Content-Type")}}.</dd>
+</dl>
+
+<dl>
+ <dt>{{HTTPHeader("X-Frame-Options")}} (XFO)</dt>
+ <dd>Indicates whether or not a browser should be allowed to render a page in a {{HTMLElement("frame")}}, {{HTMLElement("iframe")}} or {{HTMLElement("object")}}</dd>
+ <dt>{{HTTPHeader("X-XSS-Protection")}}</dt>
+ <dd>Enables cross-site scripting filtering.</dd>
+</dl>
+
+<h2 id="Server-sent_events">Server-sent events</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Ping-From")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Ping-To")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Last-Event-ID")}}</dt>
+ <dd>...</dd>
+</dl>
+
+<h2 id="Transfer_coding">Transfer coding</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Transfer-Encoding")}}</dt>
+ <dd>Specifies the the form of encoding used to safely transfer the entity to the user.</dd>
+ <dt>{{HTTPHeader("TE")}}</dt>
+ <dd>Specifies the transfer encodings the user agent is willing to accept.</dd>
+ <dt>{{HTTPHeader("Trailer")}}</dt>
+ <dd>Allows the sender to include additional fields at the end of chunked message.</dd>
+</dl>
+
+<h2 id="WebSockets">WebSockets</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Sec-WebSocket-Key")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Sec-WebSocket-Extensions")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Sec-WebSocket-Accept")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Sec-WebSocket-Protocol")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Sec-WebSocket-Version")}}</dt>
+ <dd>...</dd>
+</dl>
+
+<h2 id="Other">Other</h2>
+
+<dl>
+ <dt>{{HTTPHeader("Date")}}</dt>
+ <dd>Contains the date and time at which the message was originated.</dd>
+ <dt>{{HTTPHeader("Large-Allocation")}}</dt>
+ <dd>Tells the browser that the page being loaded is going to want to perform a large allocation.</dd>
+ <dt>{{HTTPHeader("Link")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("Retry-After")}}</dt>
+ <dd>Indicates how long the user agent should wait before making a follow-up request.</dd>
+ <dt>{{HTTPHeader("Upgrade")}}</dt>
+ <dd>This is a Proposed Internet Standard. To view a comprehensive list of all Official and Proposed Internet Standards with detailed information about each, <a href="https://www.rfc-editor.org/standards">visit this Internet Standards reference</a>, which is updated daily.  The relevant RFC document for the <a href="https://tools.ietf.org/html/rfc7230#section-6.7">Upgrade header field standard is RFC 7230, section 6.7</a>.  The standard establishes rules for upgrading or changing to a different protocol on the current client, server, transport protocol connection.  For example, this header standard allows a client to change from HTTP 1.1 to HTTP 2.0, assuming the server decides to acknowledge and implement the Upgrade header field.  Niether party is required to accept the terms specified in the Upgrade header field.  It can be used in both client and server headers.  If the Upgrade header field is specified, then the sender MUST also send the Connection header field with the upgrade option specified.  For details on the Connection header field <a href="https://tools.ietf.org/html/rfc7230#section-6.1">please see section 6.1 of the aforementioned RFC</a>.</dd>
+ <dt>{{HTTPHeader("Vary")}}</dt>
+ <dd>Determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.</dd>
+ <dt>{{HTTPHeader("X-DNS-Prefetch-Control")}}</dt>
+ <dd>Controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.</dd>
+ <dt>{{HTTPHeader("X-Requested-With")}}</dt>
+ <dd>...</dd>
+ <dt>{{HTTPHeader("X-UA-Compatible")}}</dt>
+ <dd>...</dd>
+</dl>
+
+<h2 id="See_also">See also</h2>
+
+<ul>
+ <li><a href="https://en.wikipedia.org/wiki/List_of_HTTP_header_fields">Wikipedia page on List of HTTP headers</a></li>
+ <li><a href="https://www.iana.org/assignments/message-headers/perm-headers.html">IANA registry</a></li>
+</ul>
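Review bot: The Conditionals, CORS and Proxies headings are each an h2 wrapped in a dt inside a dl, and the CORS one sits inside the Cookies list, so the CORS entries become part of the Cookies list and the markup is invalid; close the preceding dl and put each h2 at top level like the other sections, and drop the empty dl after Content negotiation. The body is entirely English under files/zh-tw (the front matter is tagged NeedsTranslation) and its links point at /en-US/docs. Text fixes in the added lines: "The following list summaries", "the the form of encoding", "Niether party", "methods support by a resource", and the Upgrade entry runs to a full paragraph where every neighbouring entry is one line. Entries whose description is only "..." should either get a description or be left out until one exists.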
diff --git a/files/zh-tw/web/http/headers/server/index.html b/files/zh-tw/web/http/headers/server/index.html
new file mode 100644
index 0000000000..26d1e1fe90
--- /dev/null
+++ b/files/zh-tw/web/http/headers/server/index.html
@@ -0,0 +1,73 @@
+---
+title: Server
+slug: Web/HTTP/Headers/Server
+translation_of: Web/HTTP/Headers/Server
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><span class="seoSummary"><code><strong>Server</strong></code> 標頭描述處理請求的伺服器軟體資訊:也就是產生回應的伺服器資訊。</span></p>
+
+<div class="blockIndicator warning">
+<p>請避免 Server 值的資訊過度冗長與詳盡,因為它們可能會洩漏實做細節、讓攻擊者容易找到已知安全漏洞並利用之。</p>
+</div>
+
+
+
+
+<table class="properties">
+ <tbody>
+ <tr>
+ <th scope="row">標頭類型</th>
+ <td>{{Glossary("Response header")}}</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("Forbidden header name")}}</th>
+ <td>否</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="語法">語法</h2>
+
+<pre class="syntaxbox">Server: &lt;product&gt;
+</pre>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt>&lt;product&gt;</dt>
+ <dd>處理請求的軟體(或組件)名。語法通常與 {{HTTPHeader('User-Agent')}} 相似。</dd>
+</dl>
+
+<p>How much detail to include is an interesting balance to strike; exposing the OS version is probably a bad idea, as mentioned in the earlier warning about overly-detailed values. However, exposed Apache versions helped browsers work around a bug those versions had with {{HTTPHeader('Content-Encoding')}} combined with {{HTTPHeader('Range')}}.</p>
+
+<h2 id="示例">示例</h2>
+
+<pre>Server: Apache/2.4.1 (Unix)</pre>
+
+<h2 id="規範">規範</h2>
+
+<table class="standard-table">
+ <tbody>
+ <tr>
+ <th scope="col">規範</th>
+ <th scope="col">標題</th>
+ </tr>
+ <tr>
+ <td>{{RFC("7231", "Server", "7.4.2")}}</td>
+ <td>Hypertext Transfer Protocol (HTTP/1.1):語意化及內容</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http.headers.Server")}}</p>
+
+<h2 id="參見">參見</h2>
+
+<ul>
+ <li>{{HTTPHeader("Allow")}}</li>
+</ul>
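Review bot: The example "Server: Apache/2.4.1 (Unix)" publishes an exact version and platform, which is the kind of detail the warning box at the top of this page tells operators to avoid; use a product-only value such as "Server: Apache", or add a line saying the example is deliberately verbose. The paragraph beginning "How much detail to include" is untranslated and refers back to "the earlier warning" from a position after the directive list, "實做" in the warning should be "實作", and there are extra blank lines after the warning div.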
diff --git a/files/zh-tw/web/http/headers/strict-transport-security/index.html b/files/zh-tw/web/http/headers/strict-transport-security/index.html
new file mode 100644
index 0000000000..28995d7517
--- /dev/null
+++ b/files/zh-tw/web/http/headers/strict-transport-security/index.html
@@ -0,0 +1,110 @@
+---
+title: Strict-Transport-Security
+slug: Web/HTTP/Headers/Strict-Transport-Security
+translation_of: Web/HTTP/Headers/Strict-Transport-Security
+---
+<p><strong>HTTP <code>Strict-Transport-Security</code></strong> 回應標頭(簡稱為 {{Glossary("HSTS")}})告知瀏覽器應強制使用HTTPS以取代HTTP。</p>
+
+<table class="properties">
+ <tbody>
+ <tr>
+ <th scope="row">Header type</th>
+ <td>{{Glossary("Response header")}}</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("Forbidden header name")}}</th>
+ <td>no</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="Syntax">Syntax</h2>
+
+<pre class="syntaxbox">Strict-Transport-Security: max-age=&lt;expire-time&gt;
+Strict-Transport-Security: max-age=&lt;expire-time&gt;; includeSubDomains
+Strict-Transport-Security: max-age=&lt;expire-time&gt;; preload
+</pre>
+
+<h2 id="Directives">Directives</h2>
+
+<dl>
+ <dt><code>max-age=&lt;expire-time&gt;</code></dt>
+ <dd>以秒計算的時間,告知瀏覽器應該保持強制HTTPS存取的時間有多長。</dd>
+ <dt><code>includeSubDomains</code> {{optional_inline}}</dt>
+ <dd>若該標頭被聲明,則瀏覽器應該將強制使用HTTPS的狀態套用至該域名的所有子域。</dd>
+ <dt><code>preload</code> {{optional_inline}}</dt>
+ <dd>參考 {{anch("Preloading Strict Transport Security")}}。 此非規範的一部份。</dd>
+</dl>
+
+<h2 id="Description">Description</h2>
+
+<p>若是網站在被訪問時經由 HTTP 被重定向至 HTTPS,則訪客將在受到 HTTPS 保護前與該網站的非加密版本通信。例如若使用者輸入 http://www.foo.com/ 或是 foo.com 時,未加密的首次連線為中間人留下了機會。他們可以使用中間人攻擊將使用者定向至惡意網站而非使用者預期的網站的安全版本。</p>
+
+<p>HTTP Strict Transport Security 標頭明確告知瀏覽器在有效期間費不應該使用 HTTP 與該網站進行通訊,並且應該將所有的 HTTP 請求自動轉換成 HTTPS。</p>
+
+<div class="note"><strong>Note:</strong> 瀏覽器將會忽略 HTTP 站點所回應的 <code>Strict-Transport-Security</code> 標頭,因為在 HTTP 連線下,該標頭可能是被惡意添加或是竄改的。瀏覽器僅會在使用 HTTPS 連線且該連線由合法的證書保護時回應該標頭的要求,唯有在這種情況下瀏覽器方能確定該站點有正確的 HTTPS 配置且標頭的確由該站點所要求。</div>
+
+<h3 id="一個範例情境">一個範例情境</h3>
+
+<p>你連接到機場提供的免費 WIFI 並且登入你的網路銀行以察看可用餘額並支付帳單,不幸的是,你連上的無線網路實際上是黑客偽造的筆記型電腦。當你嘗試連上網路銀行時,實際上你連結的是黑客所偽造的網路銀行介面,現在,你的帳號密碼已經洩漏了。</p>
+
+<p>HSTS 可以處理這項問題,你只要曾經在安全的環境下連結到你的網路銀行,且該銀行啟用了 HSTS ,那你的瀏覽器將會知道僅使用 HTTPS 進行通訊,而不會接受黑客的重定向請求,HSTS 從中間人手上保護了你的安全。</p>
+
+<h3 id="瀏覽器如何處理它">瀏覽器如何處理它</h3>
+
+<p>當你首次經由 HTTPS 存取使用 HSTS 的網站時,你的瀏覽器將會記憶此一要求,在未來你存取該網站時將會自動將 HTTP 轉為 HTTPS。</p>
+
+<p>在 HSTS 標頭所指定的時間過期後,瀏覽器將不會自動將 HTTP 轉為 HTTPS。</p>
+
+<p><span class="tlid-translation translation" lang="zh-TW"><span title="">無論何時將Strict-Transport-Security標頭傳遞到瀏覽器,它都會更新該網站的到期時間,因此網站可以更新此一訊息並防止該聲明到期。</span> <span title="">如果有必要停用嚴格傳輸安全性,則將max-age設置為0(使用 HTTPS 連接)將立即使Strict-Transport-Security標頭過期,從而允許使用 HTTP 訪問。</span></span></p>
+
+<h2 id="Preloading_Strict_Transport_Security">Preloading Strict Transport Security</h2>
+
+<p>Google maintains <a href="https://hstspreload.org/">an HSTS preload service</a>. By following the guidelines and successfully submitting your domain, browsers will never connect to your domain using an insecure connection. While the service is hosted by Google, all browsers have stated an intent to use (or actually started using) the preload list. However, it is not part of the HSTS specification and should not be treated as official.</p>
+
+<ul>
+ <li>Information regarding the HSTS preload list in Chrome : <a href="https://www.chromium.org/hsts">https://www.chromium.org/hsts</a></li>
+ <li>Consultation of the Firefox HSTS preload list : <a href="https://hg.mozilla.org/mozilla-central/raw-file/tip/security/manager/ssl/nsSTSPreloadList.inc">nsSTSPreloadList.inc</a></li>
+</ul>
+
+<h2 id="Examples">Examples</h2>
+
+<p>All present and future subdomains will be HTTPS for a max-age of 1 year. This blocks access to pages or sub domains that can only be served over HTTP.</p>
+
+<pre>Strict-Transport-Security: max-age=31536000; includeSubDomains</pre>
+
+<h2 id="Specifications">Specifications</h2>
+
+<table class="standard-table">
+ <thead>
+ <tr>
+ <th scope="col">Specification</th>
+ <th scope="col">Status</th>
+ <th scope="col">Comment</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>{{SpecName('HSTS')}}</td>
+ <td>{{Spec2('HSTS')}}</td>
+ <td>Initial definition</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="Browser_compatibility">Browser compatibility</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http.headers.Strict-Transport-Security")}}</p>
+
+<h2 id="See_also">See also</h2>
+
+<ul>
+ <li>Blog post: <a class="external" href="http://blog.sidstamm.com/2010/08/http-strict-transport-security-has.html">HTTP Strict Transport Security has landed!</a></li>
+ <li>Blog post: <a class="external" href="http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/">HTTP Strict Transport Security (force HTTPS)</a></li>
+ <li>OWASP Article: <a href="https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md">HTTP Strict Transport Security</a></li>
+ <li>Wikipedia: {{interwiki("wikipedia", "HTTP Strict Transport Security")}}</li>
+ <li>Browser test site: <a href="https://projects.dm.id.lv/Public-Key-Pins_test">HSTS and HPKP test</a></li>
+ <li><a href="/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts">Features restricted to secure contexts</a></li>
+</ul>
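Review bot: The last paragraph of the 瀏覽器如何處理它 section is wrapped in `<span class="tlid-translation translation" lang="zh-TW"><span title="">` markup, the kind a translation tool emits; drop the spans and keep the text directly inside the `<p>`. In the Description section, 「有效期間費」 reads as a typo, probably for 「有效期間內」. The Preloading Strict Transport Security and Examples sections are still in English, and unlike the User-Agent and X-Forwarded-For pages in this commit the file has no `<div>{{HTTPSidebar}}</div>` line after the front matter.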
diff --git a/files/zh-tw/web/http/headers/user-agent/index.html b/files/zh-tw/web/http/headers/user-agent/index.html
new file mode 100644
index 0000000000..38bfe13cbf
--- /dev/null
+++ b/files/zh-tw/web/http/headers/user-agent/index.html
@@ -0,0 +1,146 @@
+---
+title: User-Agent
+slug: Web/HTTP/Headers/User-Agent
+translation_of: Web/HTTP/Headers/User-Agent
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><span class="seoSummary">User-Agent 請求標頭(request header)含有能令網路協議同級層(peer)識別發出該<a href="/zh-TW/docs/Glossary/User_agent">用戶代理</a>請求的軟體類型或版本號、該軟體使用的作業系統、還有軟體開發者的字詞串。</span></p>
+
+<div class="note">
+<p>請讀讀<a href="/zh-TW/docs/Web/HTTP/Browser_detection_using_the_user_agent">透過用戶代理偵測瀏覽器</a>以理解為什麼給不同的瀏覽器不同的頁面或服務是餿主意。</p>
+</div>
+
+<table class="properties">
+ <tbody>
+ <tr>
+ <th scope="row">標頭類型</th>
+ <td>{{Glossary("Request header")}}</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("Forbidden header name")}}</th>
+ <td>否</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="語法">語法</h2>
+
+<pre class="syntaxbox">User-Agent: &lt;product&gt; / &lt;product-version&gt; &lt;comment&gt;
+</pre>
+
+<p>瀏覽器常見格式:</p>
+
+<pre class="syntaxbox">User-Agent: Mozilla/5.0 (&lt;system-information&gt;) &lt;platform&gt; (&lt;platform-details&gt;) &lt;extensions&gt;</pre>
+
+<p>網路瀏覽器常用的格式:</p>
+
+<pre class="syntaxbox">User-Agent: Mozilla/&lt;version&gt; (&lt;system-information&gt;) &lt;platform&gt; (&lt;platform-details&gt;) &lt;extensions&gt;
+</pre>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt>&lt;product&gt;</dt>
+ <dd>產品識別符:通常是名字或開發代號。</dd>
+ <dt>&lt;product-version&gt;</dt>
+ <dd>產品版本號。</dd>
+ <dt>&lt;comment&gt;</dt>
+ <dd>關於產品資訊的註解(如副產品訊息)。可能有、或沒有。</dd>
+</dl>
+
+<h2 id="Firefox_UA_字串">Firefox UA 字串</h2>
+
+<p>關於 Firefox 和基於 Gecko 的用戶代理字串,請參閱 <a href="/zh-TW/docs/Web/HTTP/Headers/User-Agent/Firefox">Firefox 用戶代理字串參考</a>。Firefox 用戶代理字串大略上分成以下四個部份:</p>
+
+<p><strong>Mozilla/5.0 (<em>platform</em>; rv:<em>geckoversion</em>) Gecko/<em>geckotrail</em> Firefox/<em>firefoxversion</em></strong></p>
+
+<ol>
+ <li><code>Mozilla/5.0</code> is the general token that says the browser is Mozilla-compatible. For historical reasons, almost every browser today sends it.</li>
+ <li><strong><em>platform</em></strong> describes the native platform the browser is running on (Windows, Mac, Linux, Android, etc.), and if it's a mobile phone. <a href="/en-US/docs/Glossary/Firefox_OS">Firefox OS</a> phones simply say <code>Mobile</code> — the web is the platform. Note that <strong><em>platform</em></strong> can consist of multiple <code>"; "</code>-separated tokens. See below for further details and examples.</li>
+ <li><strong>rv:<em>geckoversion</em></strong> indicates the release version of Gecko (such as <em>"17.0"</em>). In recent browsers, <strong><em>geckoversion</em></strong> is the same as <strong><em>firefoxversion</em></strong>.</li>
+ <li><strong><em>Gecko/geckotrail</em></strong> indicates that the browser is based on <a href="/en-US/docs/Mozilla/Gecko">Gecko</a>. (On Desktop, <em><strong>geckotrail</strong></em> is always the fixed string <code>20100101</code>.)</li>
+ <li><em><strong>Firefox/firefoxversion</strong></em> indicates the browser is Firefox, and provides the version (such as "<em>17.0"</em>).</li>
+</ol>
+
+<h3 id="示例">示例</h3>
+
+<pre>Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
+Mozilla/5.0 (Macintosh; Intel Mac OS X <em>x.y</em>; rv:42.0) Gecko/20100101 Firefox/42.0
+</pre>
+
+<h2 id="Chrome_用戶代理字串">Chrome 用戶代理字串</h2>
+
+<p>Chrome(或基於 Chromium/blink 引擎的瀏覽器)的用戶代理字串看起來像 Firefox。出於相容性的理由,它還會加上「KHTML, like Gecko」與「Safari」的字串。</p>
+
+<h3 id="字串">字串</h3>
+
+<pre>Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36</pre>
+
+<h2 id="Opera_用戶代理字串">Opera 用戶代理字串</h2>
+
+<p>因為 Opera 瀏覽器的引擎也是基於 blink 的,所以語法也看起來也會很像。不過,還會加上「 OPR/&lt;version&gt;」一詞。</p>
+
+<h3 id="示例_2">示例</h3>
+
+<pre>Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41</pre>
+
+<p>Opera 在使用 Presto 排版時的用戶代理字串</p>
+
+<pre class="no-line-numbers">Opera/9.80 (Macintosh; Intel Mac OS X; U; en) Presto/2.2.15 Version/10.00
+Opera/9.60 (Windows NT 6.0; U; en) Presto/2.1.1</pre>
+
+<h2 id="Safari_用戶代理字串">Safari 用戶代理字串</h2>
+
+<p>此例的 safari 用戶代理字串是攜帶版,所以會出現「Mobile」一詞。</p>
+
+<h3 id="示例_3">示例</h3>
+
+<pre>Mozilla/5.0 (Linux; U; Android 4.0.3; de-ch; HTC Sensation Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30</pre>
+
+<h2 id="Internet_Explorer_用戶代理字串">Internet Explorer 用戶代理字串</h2>
+
+<h3 id="示例_4">示例</h3>
+
+<pre>Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0)</pre>
+
+<h2 id="網路爬蟲與機器人的用戶代理字串">網路爬蟲與機器人的用戶代理字串</h2>
+
+<h3 id="示例_5">示例</h3>
+
+<pre>Googlebot/2.1 (+http://www.google.com/bot.html)</pre>
+
+<h2 id="規範">規範</h2>
+
+<table class="standard-table">
+ <tbody>
+ <tr>
+ <th scope="col">規範</th>
+ <th scope="col">標題</th>
+ </tr>
+ <tr>
+ <td>{{RFC(7231, "User-Agent", "5.5.3")}}</td>
+ <td>Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</td>
+ </tr>
+ <tr>
+ <td>{{RFC(2616, "User-Agent", "14.43")}}</td>
+ <td>Hypertext Transfer Protocol -- HTTP/1.1</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
+
+<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
+
+<p>{{Compat("http.headers.User-Agent")}}</p>
+
+<h2 id="參閱">參閱</h2>
+
+<ul>
+ <li><a href="https://hacks.mozilla.org/2013/09/user-agent-detection-history-and-checklist/">User-Agent detection, history and checklist</a></li>
+ <li><a href="/zh-TW/docs/Web/HTTP/Headers/User-Agent/Firefox">Firefox 用戶代理字串參考</a></li>
+ <li>
+ <p><a href="/zh-TW/docs/Web/HTTP/Browser_detection_using_the_user_agent">透過用戶代理偵測瀏覽器</a></p>
+ </li>
+</ul>
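Review bot: The Firefox UA 字串 paragraph says the string has four parts (「以下四個部份」), but the `<ol>` that follows lists five items, and all five are still in English; fix the count and translate the list. Separately, 「瀏覽器常見格式」 and 「網路瀏覽器常用的格式」 introduce two nearly identical syntax boxes that differ only in `Mozilla/5.0` versus `Mozilla/&lt;version&gt;`; keep one of them.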
diff --git a/files/zh-tw/web/http/headers/x-forwarded-for/index.html b/files/zh-tw/web/http/headers/x-forwarded-for/index.html
new file mode 100644
index 0000000000..546a4ed60c
--- /dev/null
+++ b/files/zh-tw/web/http/headers/x-forwarded-for/index.html
@@ -0,0 +1,74 @@
+---
+title: X-Forwarded-For
+slug: Web/HTTP/Headers/X-Forwarded-For
+translation_of: Web/HTTP/Headers/X-Forwarded-For
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><strong><code>X-Forwarded-For</code></strong> (XFF) 標頭是辨識用戶端透過 HTTP 代理或負載平衡 IP 位置來源的,事實上的標準。如果流量是在伺服器與用戶端中間擷取,伺服器日誌就只會代理或負載平衡的 IP 位置。如果要檢查用戶端的 IP 的原始來源,就會去檢查 <code>X-Forwarded-For</code> 請求標頭。</p>
+
+<p>這個標頭用於除錯、分析、產生與位置相關的內容、透過設計也洩漏部分隱私資訊,例如用戶端的 IP 位置。因此在部署此標頭時,必須考慮到用戶的隱私。</p>
+
+<p>此 HTTP 標頭的標準化版本為 {{HTTPHeader("Forwarded")}} 標頭。</p>
+
+<p><code>X-Forwarded-For</code> 也是個說明 email-message 是從哪個帳戶轉發的 email-header。</p>
+
+<table class="properties">
+ <tbody>
+ <tr>
+ <th scope="row">標頭屬性</th>
+ <td>{{Glossary("Request header")}}</td>
+ </tr>
+ <tr>
+ <th scope="row">{{Glossary("Forbidden header name")}}</th>
+ <td>no</td>
+ </tr>
+ </tbody>
+</table>
+
+<h2 id="語法">語法</h2>
+
+<pre class="syntaxbox">X-Forwarded-For: &lt;client&gt;, &lt;proxy1&gt;, &lt;proxy2&gt;
+</pre>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt>&lt;client&gt;</dt>
+ <dd>用戶端的 IP 位置</dd>
+ <dt>&lt;proxy1&gt;, &lt;proxy2&gt;</dt>
+ <dd>如果請求用上了多個代理,則列出每個後續代理的 IP 地址。也就是說,最右邊的 IP 位置,是最新代理的 IP 位置;最左邊的 IP 位置,是用戶端原始來源的 IP 位置。</dd>
+</dl>
+
+<h2 id="示例">示例</h2>
+
+<pre>X-Forwarded-For: 2001:db8:85a3:8d3:1319:8a2e:370:7348
+
+X-Forwarded-For: 203.0.113.195
+
+X-Forwarded-For: 203.0.113.195, 70.41.3.18, 150.172.238.178
+</pre>
+
+<p>其他非標準變體:</p>
+
+<pre># Used for some Google services
+X-ProxyUser-Ip: 203.0.113.19</pre>
+
+<h2 id="規範">規範</h2>
+
+<p>任何版本都沒有被標準化。標準化版本的標頭為 {{HTTPHeader("Forwarded")}}。</p>
+
+<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
+
+
+
+<p>{{Compat("http.headers.X-Forwarded-For")}}</p>
+
+<h2 id="參見">參見</h2>
+
+<ul>
+ <li>{{HTTPHeader("Forwarded")}}</li>
+ <li>{{HTTPHeader("X-Forwarded-Host")}}</li>
+ <li>{{HTTPHeader("X-Forwarded-Proto")}}</li>
+ <li>{{HTTPHeader("Via")}}</li>
+</ul>
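Review bot: In the opening paragraph, 「伺服器日誌就只會代理或負載平衡的 IP 位置」 is missing its verb (for example 「只會記錄」), so the sentence never says what the log contains. The `&lt;client&gt;` and `&lt;proxy1&gt;, &lt;proxy2&gt;` descriptions also present the leftmost address as the client's original IP without noting that the field arrives as part of the request and is only as reliable as the proxies that wrote it; a one-line caveat there would help readers who log or filter on this value.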
diff --git a/files/zh-tw/web/http/headers/x-frame-options/index.html b/files/zh-tw/web/http/headers/x-frame-options/index.html
new file mode 100644
index 0000000000..b19ddffe26
--- /dev/null
+++ b/files/zh-tw/web/http/headers/x-frame-options/index.html
@@ -0,0 +1,146 @@
+---
+title: X-Frame-Options 回應標頭
+slug: Web/HTTP/Headers/X-Frame-Options
+translation_of: Web/HTTP/Headers/X-Frame-Options
+---
+<p>{{ gecko_minversion_header("2.0") }}</p>
+
+<div class="note">
+<div class="syntaxbox"><strong>Note: </strong>CSP Level 2 的 <a href="/en-US/docs/Security/CSP/CSP_policy_directives#frame-ancestors">frame-ancestors</a> 指令標準雖然已經取代了非標準的 X-Frame-Options,而自 {{Gecko("4.0")}} 起也開始支援  frame-ancestors 指令,但因為並非所有瀏覽器都支援 frame-ancestors,所以 支援度較廣的 X-Frame-Options 還是可以和  CSP 一起採用。</div>
+</div>
+
+<p><span style="line-height: 1.5;">X-Frame-Options </span><a href="/en/HTTP" style="line-height: 1.5;" title="en/HTTP">HTTP</a><span style="line-height: 1.5;"> 回應標頭 (header) 用來指示文件是否能夠載入 {{ HTMLElement("frame") }}, {{ HTMLElement("iframe") }} 以及 {{ HTMLElement("object") }},網站可以利用 </span><span style="line-height: 19.0909080505371px;">X-Frame-Options 來確保本身內容不會遭惡意嵌入道其他網站、避免 </span><span style="line-height: 1.5;">clickjacking 攻擊</span></p>
+
+<h2 id="使用_X-Frame-Options">使用 X-Frame-Options</h2>
+
+<p>共有三種值:</p>
+
+<dl>
+ <dt><code>DENY</code></dt>
+ <dd>表示文件無論如何都不能被嵌入到 frame 中,即使是自家網站也不行。</dd>
+ <dt><code>SAMEORIGIN</code></dt>
+ <dd>唯有當符合<a href="/zh-TW/docs/Web/JavaScript/Same_origin_policy_for_JavaScript">同源政策</a>下,才能<span style="line-height: 19.0909080505371px;">被嵌入到 frame 中。</span></dd>
+ <dt><code>ALLOW-FROM <em>uri</em></code></dt>
+ <dd>唯有列表許可的 URI 才能<span style="line-height: 19.0909080505371px;">嵌入到 frame 中。</span></dd>
+</dl>
+
+<h3 id="設定_Apache">設定 Apache</h3>
+
+<p>請加入以下指令到網站<span style="line-height: 19.0909080505371px;">組態設定檔</span>:</p>
+
+<pre>Header always append X-Frame-Options SAMEORIGIN
+</pre>
+
+<h3 id="設定_nginx">設定 nginx</h3>
+
+<p><span style="line-height: 19.0909080505371px;">請加入以下指令到</span> http, server 或 location 組態設定檔:</p>
+
+<pre><code>add_header X-Frame-Options </code>SAMEORIGIN<code>;</code>
+</pre>
+
+<h3 id="設定_IIS">設定 IIS</h3>
+
+<p><span style="line-height: 19.0909080505371px;">請加入以下指令到網站的</span> Web.config 檔:</p>
+
+<pre><code>&lt;system.webServer&gt;
+ ...
+
+ &lt;httpProtocol&gt;
+ &lt;customHeaders&gt;
+ &lt;add name="X-Frame-Options" value="SAMEORIGIN" /&gt;
+ &lt;/customHeaders&gt;
+ &lt;/httpProtocol&gt;
+
+ ...
+&lt;/system.webServer&gt;</code>
+</pre>
+
+<h3 id="設定_HAProxy">設定 HAProxy</h3>
+
+<p><span style="line-height: 19.0909080505371px;">請加入以下指令到</span> frontend, listen, 或 backend <span style="line-height: 19.0909080505371px;">組態設定檔</span>:</p>
+
+<pre>rspadd X-Frame-Options:\ SAMEORIGIN
+</pre>
+
+<div class="note">
+<p><strong>Note:  </strong>設定 Meta tag 是無效的,像是 &lt;meta http-equiv="X-Frame-Options" content="deny"&gt; 便沒有任何效果,只有透過設定 HTTP header 才有效果,請勿採用。</p>
+</div>
+
+<h2 id="sect1"> </h2>
+
+<h2 id="結論">結論</h2>
+
+<p>當載入一個 X-Frame-Options 不允許的網站到 iframe 中, Firefox 會顯示about:blank 的空白頁面,甚至某些狀況還會顯示錯誤訊息。</p>
+
+<h2 id="瀏覽器相容性">瀏覽器相容性</h2>
+
+<p>{{ CompatibilityTable() }}</p>
+
+<div id="compat-desktop">
+<table class="compat-table">
+ <tbody>
+ <tr>
+ <th>Feature</th>
+ <th>Chrome</th>
+ <th>Firefox (Gecko)</th>
+ <th>Internet Explorer</th>
+ <th>Opera</th>
+ <th>Safari</th>
+ </tr>
+ <tr>
+ <td>Basic support</td>
+ <td>{{ CompatChrome(4.1.249.1042) }}</td>
+ <td>{{ CompatGeckoDesktop(1.9.2.9) }}</td>
+ <td>{{ CompatIE(8.0) }}</td>
+ <td>{{ CompatOpera(10.5) }}</td>
+ <td>{{ CompatSafari(4.0) }}</td>
+ </tr>
+ <tr>
+ <td>ALLOW-FROM support</td>
+ <td>{{ CompatNo() }}</td>
+ <td>{{ CompatGeckoDesktop(18.0) }} {{ bug(690168) }}</td>
+ <td>{{ CompatIE("8.0?") }}</td>
+ <td>{{ CompatUnknown() }}</td>
+ <td>{{ CompatNo() }} {{webkitbug(94836)}}</td>
+ </tr>
+ </tbody>
+</table>
+</div>
+
+<div id="compat-mobile">
+<table class="compat-table">
+ <tbody>
+ <tr>
+ <th>Feature</th>
+ <th>Android</th>
+ <th>Chrome for Android</th>
+ <th>Firefox Mobile (Gecko)</th>
+ <th>IE Mobile</th>
+ <th>Opera Mobile</th>
+ <th>Safari Mobile</th>
+ </tr>
+ <tr>
+ <td>Basic support</td>
+ <td>{{ CompatUnknown() }}</td>
+ <td>{{ CompatUnknown() }}</td>
+ <td>{{ CompatUnknown() }}</td>
+ <td>{{ CompatUnknown() }}</td>
+ <td>{{ CompatUnknown() }}</td>
+ <td>{{ CompatUnknown() }}</td>
+ </tr>
+ </tbody>
+</table>
+</div>
+
+<h2 id="sect2"> </h2>
+
+<h2 id="延伸閱讀">延伸閱讀</h2>
+
+<ul>
+ <li><a class="external" href="http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx" title="http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx">ClickJacking Defenses - IEBlog</a></li>
+ <li><a href="http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx" title="http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx">Combating ClickJacking with X-Frame-Options - IEInternals</a></li>
+ <li><a href="https://tools.ietf.org/html/rfc7034" title="https://tools.ietf.org/html/rfc7034">HTTP Header Field X-Frame-Options - RFC 7034</a></li>
+ <li><a href="https://w3c.github.io/webappsec/specs/content-security-policy/#directive-frame-ancestors" title="https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#frame-src">CSP Level 2 frame-ancestors directive</a></li>
+</ul>
+
+<p>{{ languages( { "ja": "ja/The_X-FRAME-OPTIONS_response_header"} ) }}</p>
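Review bot: The value list presents `ALLOW-FROM <em>uri</em>` alongside `DENY` and `SAMEORIGIN` with no caveat, while the compat table in the same file marks ALLOW-FROM support as `{{ CompatNo() }}` for Chrome and Safari; state that next to the value and point readers to the frame-ancestors directive already mentioned in the note at the top. In the Apache example, `Header always append` adds to any X-Frame-Options value that is already present, so `Header always set` is the safer directive to document. The empty `<h2 id="sect1"> </h2>` and `<h2 id="sect2"> </h2>` headings and the inline `style="line-height: ..."` spans are editor residue and should be removed, and 「嵌入道其他網站」 should read 「嵌入到其他網站」.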