3.1.5.1 HTTP Headers

The client SHOULD send an X-Vermeer-Content-Type header, as specified in [RFC2616], section 14.17, with the same value as the standard HTTP Content-Type header to safeguard against one-click attacks (see section 5.1). The server MUST use this header, if present, to determine the Content-Type of the request. If this header is not present, the server SHOULD fail the request.<27>

Clients MUST also include the string "FrontPage" (case-sensitive) in its User-Agent header, as specified in [RFC2616], section 14.43. The server MAY alter its responses when the client does not do this.<28>

Except as specified in the get documents (section 3.1.5.3.7) method, server responses MUST have the HTTP Content-Type "application/x-vermeer-rpc".