Repr-Digest
The HTTP Repr-Digest request and response header provides integrity digests for the selected representation before encoding or transformation.
Usage
The Repr-Digest header enables verification of representation integrity by computing a digest over the selected resource representation before applying transformations like Content-Encoding or range selection. This digest reflects the complete representation as stored or generated, independent of how the content is transmitted.
Servers send Repr-Digest to allow recipients to verify the representation integrity across different message encodings. Two responses serving the same representation with different encodings (gzip vs. Brotli) produce identical Repr-Digest values but different Content-Digest values. Range requests for the same resource also share the same Repr-Digest while producing different content digests for each partial response.
The header uses the Structured Fields Dictionary format, pairing algorithm identifiers with Base64-encoded digest values. Multiple algorithms appear in a single header when content negotiation or algorithm agility is needed.
Clients request specific digest algorithms using Want-Repr-Digest. Servers respond with preferred algorithms when no explicit request is made. Both headers work in requests and responses, and both support trailer fields when computing digests incrementally.
The Repr-Digest header complements Content-Digest by operating at the representation layer rather than the message layer. While Content-Digest verifies transmission integrity, Repr-Digest verifies representation consistency across different encodings and partial responses.
Algorithms
sha-256
The sha-256 algorithm produces a 256-bit digest using the SHA-256
cryptographic hash function. This algorithm suits most integrity
verification needs and is widely supported.
sha-512
The sha-512 algorithm produces a 512-bit digest using the SHA-512
cryptographic hash function. This algorithm provides stronger
cryptographic properties for contexts requiring additional security
margin.
Example
A server sends a SHA-256 digest of the complete representation before encoding. The Base64-encoded value represents the digest computed over the representation data, independent of transfer encoding or compression.
Repr-Digest: sha-256=:d435Qo+nKZ+gLcUHn7GQtQ72hiBVAgqoLsZnZPiTGPk=:
Multiple algorithms appear when the server supports algorithm negotiation. The recipient selects the strongest recognized algorithm and verifies the representation against the corresponding digest value.
Repr-Digest: sha-256=:d435Qo+nKZ+gLcUHn7GQtQ72hiBVAgqoLsZnZPiTGPk=:, sha-512=:db2D3SH1CNTyTJxiKmEAF1n1zqTFmPPxSDO3TYOYBcI=:
Two responses serving the same resource with different encodings carry identical Repr-Digest values. The representation digest remains constant while Content-Digest changes to reflect the encoded message content.
Content-Type: text/html
Content-Encoding: gzip
Repr-Digest: sha-256=:d435Qo+nKZ+gLcUHn7GQtQ72hiBVAgqoLsZnZPiTGPk=:
Content-Digest: sha-256=:RK/0qy18MlBSVnWgjwz6lZEWjP/lF5HF9bvEF8FabDg=:
Takeaway
The Repr-Digest header carries integrity digests computed over the selected representation before encoding, enabling verification of representation consistency across different message encodings and partial responses.