Wireshark · Display Filter Reference: Hypertext Transfer Protocol

Field name	Description	Type	Versions
http.accept	Accept	Character string	1.0.0 to 4.4.2
http.accept_encoding	Accept Encoding	Character string	1.0.0 to 4.4.2
http.accept_language	Accept-Language	Character string	1.0.0 to 4.4.2
http.authbasic	Credentials	Character string	1.0.0 to 4.4.2
http.authcitrix	Citrix AG Auth	Boolean	2.0.0 to 4.4.2
http.authcitrix.domain	Citrix AG Domain	Character string	2.0.0 to 4.4.2
http.authcitrix.password	Citrix AG Password	Character string	2.0.0 to 4.4.2
http.authcitrix.session	Citrix AG Session ID	Character string	2.0.0 to 4.4.2
http.authcitrix.user	Citrix AG Username	Character string	2.0.0 to 4.4.2
http.authorization	Authorization	Character string	1.0.0 to 4.4.2
http.bad_header_name	Illegal characters found in header name	Label	3.0.0 to 4.4.2
http.body.fragment	HTTP Chunked Body fragment	Frame number	4.2.0 to 4.4.2
http.body.fragment.count	HTTP Chunked Body fragment count	Unsigned integer (32 bits)	4.2.0 to 4.4.2
http.body.fragment.error	HTTP Chunked Body defragment error	Frame number	4.2.0 to 4.4.2
http.body.fragment.multiple_tails	HTTP Chunked Body has multiple tail fragments	Boolean	4.2.0 to 4.4.2
http.body.fragment.overlap	HTTP Chunked Body fragment overlap	Boolean	4.2.0 to 4.4.2
http.body.fragment.overlap.conflicts	HTTP Chunked Body fragment overlapping with conflicting data	Boolean	4.2.0 to 4.4.2
http.body.fragment.too_long_fragment	HTTP Chunked Body fragment too long	Boolean	4.2.0 to 4.4.2
http.body.fragments	Reassembled HTTP Chunked Body fragments	Label	4.2.0 to 4.4.2
http.body.reassembled.data	Reassembled data	Byte sequence	4.2.0 to 4.4.2
http.body.reassembled.in	Reassembled in	Frame number	4.2.0 to 4.4.2
http.body.reassembled.length	Reassembled length	Unsigned integer (32 bits)	4.2.0 to 4.4.2
http.body.segment	HTTP Chunked Body segment	Byte sequence	4.2.0 to 4.4.2
http.cache_control	Cache-Control	Character string	1.0.0 to 4.4.2
http.chat	Formatted text	Label	1.12.0 to 4.2.9
http.chunk_boundary	Chunk boundary	Byte sequence	2.0.0 to 4.4.2
http.chunk_data	Chunk data	Byte sequence	3.6.7 to 4.4.2
http.chunk_size	Chunk size	Unsigned integer (32 bits)	2.0.0 to 4.4.2
http.chunkd_and_length	Expert Info	Label	1.12.0 to 2.0.16
http.chunked_trailer_part	trailer-part	Character string	1.12.4 to 4.4.2
http.connection	Connection	Character string	1.0.0 to 4.4.2
http.content_encoding	Content-Encoding	Character string	1.0.0 to 4.4.2
http.content_length	Content length	Unsigned integer (64 bits)	1.0.0 to 4.4.2
http.content_length_header	Content-Length	Character string	1.0.5 to 4.4.2
http.content_range	Content-Range	Character string	4.2.0 to 4.4.2
http.content_type	Content-Type	Character string	1.0.0 to 4.4.2
http.cookie	Cookie	Character string	1.0.0 to 4.4.2
http.cookie_pair	Cookie pair	Character string	1.12.0 to 4.4.2
http.date	Date	Character string	1.0.0 to 4.4.2
http.decompression_disabled	Decompression disabled	Label	3.6.0 to 4.4.2
http.decompression_failed	Decompression failed	Label	3.6.0 to 4.4.2
http.excess_data	Excess data after a body (not a new request/response), previous Content-Length bogus?	Label	4.2.0 to 4.4.2
http.file_data	File Data	Byte sequence	2.2.0 to 4.4.2
http.host	Host	Character string	1.0.0 to 4.4.2
http.http2_settings	HTTP2-Settings	Character string	3.6.0 to 4.4.2
http.http2_settings_uri	HTTP2 Settings URI	Byte sequence	3.6.0 to 4.4.2
http.last_modified	Last-Modified	Character string	1.0.0 to 4.4.2
http.leading_crlf	Leading CRLF previous message in the stream may have extra CRLF	Label	2.0.0 to 4.4.2
http.location	Location	Character string	1.0.0 to 4.4.2
http.next_request_in	Next request in frame	Frame number	1.10.0 to 4.2.9
http.next_response_in	Next response in frame	Frame number	1.10.0 to 4.2.9
http.notification	Notification	Boolean	1.0.0 to 4.4.2
http.path_segment	Path segment	Character string	4.0.0 to 4.0.17
http.path_sub_segment	Path sub segment	Character string	4.0.0 to 4.0.17
http.prev_request_in	Prev request in frame	Frame number	1.10.0 to 4.2.9
http.prev_response_in	Prev response in frame	Frame number	1.10.0 to 4.2.9
http.proxy_authenticate	Proxy-Authenticate	Character string	1.0.0 to 4.4.2
http.proxy_authorization	Proxy-Authorization	Character string	1.0.0 to 4.4.2
http.proxy_connect_host	Proxy-Connect-Hostname	Character string	1.0.0 to 4.4.2
http.proxy_connect_port	Proxy-Connect-Port	Unsigned integer (16 bits)	1.0.0 to 4.4.2
http.range	Range	Character string	4.2.0 to 4.4.2
http.referer	Referer	Character string	1.0.0 to 4.4.2
http.request	Request	Boolean	1.0.0 to 4.4.2
http.request.full_uri	Full request URI	Character string	1.6.0 to 4.4.2
http.request.line	Request line	Character string	1.12.0 to 4.4.2
http.request.method	Request Method	Character string	1.0.0 to 4.4.2
http.request.uri	Request URI	Character string	1.0.0 to 4.4.2
http.request.uri.path	Request URI Path	Character string	2.2.0 to 4.4.2
http.request.uri.path.segment	Request URI Path Segment	Character string	4.2.0 to 4.4.2
http.request.uri.query	Request URI Query	Character string	2.2.0 to 4.4.2
http.request.uri.query.parameter	Request URI Query Parameter	Character string	2.2.0 to 4.4.2
http.request.version	Request Version	Character string	1.0.0 to 4.4.2
http.request_in	Request in frame	Frame number	1.10.0 to 4.4.2
http.request_number	Request number	Unsigned integer (32 bits)	2.0.0 to 4.2.9
http.response	Response	Boolean	1.0.0 to 4.4.2
http.response.code	Status Code	Unsigned integer (24 bits)	1.0.0 to 4.4.2
http.response.code.desc	Status Code Description	Character string	2.4.0 to 4.4.2
http.response.line	Response line	Character string	1.12.0 to 4.4.2
http.response.phrase	Response Phrase	Character string	1.6.0 to 4.4.2
http.response.version	Response Version	Character string	2.6.0 to 4.4.2
http.response_for.uri	Request URI	Character string	2.6.7 to 4.2.9
http.response_in	Response in frame	Frame number	1.10.0 to 4.4.2
http.response_number	Response number	Unsigned integer (32 bits)	2.0.0 to 4.2.9
http.sec_websocket_accept	Sec-WebSocket-Accept	Character string	1.8.0 to 4.4.2
http.sec_websocket_extensions	Sec-WebSocket-Extensions	Character string	1.8.0 to 4.4.2
http.sec_websocket_key	Sec-WebSocket-Key	Character string	1.8.0 to 4.4.2
http.sec_websocket_protocol	Sec-WebSocket-Protocol	Character string	1.8.0 to 4.4.2
http.sec_websocket_version	Sec-WebSocket-Version	Character string	1.8.0 to 4.4.2
http.server	Server	Character string	1.0.0 to 4.4.2
http.set_cookie	Set-Cookie	Character string	1.0.0 to 4.4.2
http.ssl_port	Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.	Label	2.0.0 to 2.6.20
http.subdissector_failed	HTTP body subdissector failed, trying heuristic subdissector	Label	1.12.0 to 4.4.2
http.te_and_length	The Content-Length and Transfer-Encoding header must not be set together	Label	2.2.0 to 4.4.2
http.te_unknown	Unknown transfer coding name in Transfer-Encoding header	Label	2.2.0 to 4.4.2
http.time	Time since request	Time offset	1.10.0 to 4.4.2
http.tls_port	Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.	Label	3.0.0 to 4.4.2
http.transfer_encoding	Transfer-Encoding	Character string	1.0.0 to 4.4.2
http.unknown_header	Unknown header	Character string	2.0.0 to 4.4.2
http.upgrade	Upgrade	Character string	1.8.0 to 4.4.2
http.user_agent	User-Agent	Character string	1.0.0 to 4.4.2
http.www_authenticate	WWW-Authenticate	Character string	1.0.0 to 4.4.2
http.x_forwarded_for	X-Forwarded-For	Character string	1.0.0 to 4.4.2