WebSocket explained

WebSocket is a computer communications protocol, providing a simultaneous two-way communication channel over a single Transmission Control Protocol (TCP) connection. The WebSocket protocol was standardized by the IETF as in 2011. The current specification allowing web applications to use this protocol is known as WebSockets.^[1] It is a living standard maintained by the WHATWG and a successor to The WebSocket API from the W3C.^[2]

WebSocket is distinct from HTTP used to serve most webpages. Although they are different, states that WebSocket "is designed to work over HTTP ports 443 and 80 as well as to support HTTP proxies and intermediaries", thus making it compatible with HTTP. To achieve compatibility, the WebSocket handshake uses the HTTP Upgrade header^[3] to change from the HTTP protocol to the WebSocket protocol.

The WebSocket protocol enables full-duplex interaction between a web browser (or other client application) and a web server with lower overhead than half-duplex alternatives such as HTTP polling, facilitating real-time data transfer from and to the server. This is made possible by providing a standardized way for the server to send content to the client without being first requested by the client, and allowing messages to be passed back and forth while keeping the connection open. In this way, a two-way ongoing conversation can take place between the client and the server. The communications are usually done over TCP port number 443 (or 80 in the case of unsecured connections), which is beneficial for environments that block non-web Internet connections using a firewall. Additionally, WebSocket enables streams of messages on top of TCP. TCP alone deals with streams of bytes with no inherent concept of a message. Similar two-way browser–server communications have been achieved in non-standardized ways using stopgap technologies such as Comet or Adobe Flash Player.^[4]

Most browsers support the protocol, including Google Chrome, Firefox, Microsoft Edge, Internet Explorer, Safari and Opera.^[5]

The WebSocket protocol specification defines ws (WebSocket) and wss (WebSocket Secure) as two new uniform resource identifier (URI) schemes^[6] that are used for unencrypted and encrypted connections respectively. Apart from the scheme name and fragment (i.e. # is not supported), the rest of the URI components are defined to use URI generic syntax.^[7]

History

WebSocket was first referenced as TCPConnection in the HTML5 specification, as a placeholder for a TCP-based socket API.^[8] In June 2008, a series of discussions were led by Michael Carter that resulted in the first version of the protocol known as WebSocket.^[9] Before WebSocket, port 80 full-duplex communication was attainable using Comet channels; however, Comet implementation is nontrivial, and due to the TCP handshake and HTTP header overhead, it is inefficient for small messages. The WebSocket protocol aims to solve these problems without compromising the security assumptions of the web.The name "WebSocket" was coined by Ian Hickson and Michael Carter shortly thereafter through collaboration on the #whatwg IRC chat room,^[10] and subsequently authored for inclusion in the HTML5 specification by Ian Hickson. In December 2009, Google Chrome 4 was the first browser to ship full support for the standard, with WebSocket enabled by default.^[11] Development of the WebSocket protocol was subsequently moved from the W3C and WHATWG group to the IETF in February 2010, and authored for two revisions under Ian Hickson.^[12]

After the protocol was shipped and enabled by default in multiple browsers, the was finalized under Ian Fette in December 2011.

introduced compression extension to WebSocket using the DEFLATE algorithm on a per-message basis.

Client example

Server example

from socket import socketfrom base64 import b64encodefrom hashlib import sha1

MAGIC = b"258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

1. Create socket and listen at port 80

ws = socketws.bind(("", 80))ws.listenconn, addr = ws.accept

1. Parse request

for line in conn.recv(4096).split(b"\r\n"): if line.startswith(b"Sec-WebSocket-Key"): nonce = line.split(b":")[1].strip

1. Format response

response = f"""\HTTP/1.1 101 Switching ProtocolsUpgrade: websocketConnection: UpgradeSec-WebSocket-Accept:

"""

conn.send(response.replace("\n", "\r\n").encode)

while True: # decode messages from the client header = conn.recv(2) FIN = bool(header[0] & 0x80) # bit 0 assert FIN

1, "We only support unfragmented messages" opcode = header[0] & 0xf # bits 4-7 assert opcode

1 or opcode

2, "We only support data messages" masked = bool(header[1] & 0x80) # bit 8 assert masked, "The client must mask all frames" payload_size = header[1] & 0x7f # bits 9-15 assert payload_size <= 125, "We only support small messages" masking_key = conn.recv(4) payload = bytearray(conn.recv(payload_size)) for i in range(payload_size): payload[i] = payload[i] ^ masking_key[i % 4] print(payload)

Web API

A web application (e.g. web browser) may use the WebSocket interface to connect to a WebSocket server.

WebSocket web API specification!Type!Name^[13] !Description

Constructor	ws = new '''WebSocket'''(url [, protocols ])	Start opening handshake with a WebSocket server.[14] url: A string containing: Scheme: must be ws, wss, http or https. Server hostname. Optional server port: If not specified, 80 is used for ws/http and 443 for wss/https. Optional path. No fragment. There must not be any fragment, otherwise SyntaxError is thrown. Optional protocols: A string or an array of strings used as the value for the Sec-WebSocket-Protocol header.
Method	ws.'''send'''(data)	Send data. data must be string, Blob, ArrayBuffer or ArrayBufferView. Throw InvalidStateError if ws.readyState is WebSocket.CONNECTING.
	ws.'''close'''([ code ] [, reason ])	Start closing handshake.[15] Optional code: If specified, must be 1000 (normal closure) or in the range 3000 to 4999 (application-defined), otherwise InvalidAccessError is thrown. If not specified, 1000 is used. Optional reason: If specified, must be a string not longer than 123 bytes (UTF-8), otherwise SyntaxError is thrown. If not specified, an empty string is used.
Event	ws.'''onopen''' = (event) => {}ws.addEventListener('''"open"''', (event) => {})	Opening handshake succeeded. event type is Event.
	ws.'''onmessage''' = (event) => {}{{nowrap|ws.addEventListener('''"message"''', (event) <nowiki>=></nowiki> {})}}|Data received. event type is MessageEvent. event.data contains the data received, of type:[16] String for text. Blob or ArrayBuffer for binary (see ws.binaryType). |-|ws.'''onclose''' = (event) => {}ws.addEventListener('''"close"''', (event) => {})|The underlying TCP connection closed. event type is CloseEvent containing:[17] [18] [19] [20] event.code: status code (integer). event.reason: reason for closing (string). event.wasClean: true if the TCP connection was closed after the closing handshake was completed; false otherwise. Note: If the received Close frame contains a payload: the payload data contains event.code and event.reason. If the received Close frame contains no payload: event.code is 1005 (no code received) and event.reason is an empty string. If no Close frame was received: event.code is 1006 (connection closed abnormally) and event.reason is an empty string. |-|ws.'''onerror''' = (event) => {}ws.addEventListener('''"error"''', (event) => {})|Connection closed due to error. event type is Event.|-|Attribute|ws.'''binaryType'''|A string indicating the type of event.data in ws.onmessage when binary data is received. Initially set to "blob" (Blob object). May be changed to "arraybuffer" (ArrayBuffer object).|-| rowspan="5" |Read-only attribute|ws.'''url'''|The URL given to the WebSocket constructor.|-|ws.'''bufferedAmount'''|The number of bytes waiting to be transmitted.|-|ws.'''protocol'''|The protocol accepted by the server, or an empty string if the client did not specify protocols in the WebSocket constructor.|-|ws.'''extensions'''|The extensions accepted by the server.|-|ws.'''readyState'''|The connection state. It is one of the constants below.|-| rowspan="4" |Constant|WebSocket.'''CONNECTING''' = 0|Waiting opening handshake.[21] [22] |-|WebSocket.'''OPEN''' = 1|Opening handshake succeeded. The client and server may message each other.[23] [24] |-|WebSocket.'''CLOSING''' = 2|Waiting closing handshake. Either ws.close was called or the server sent a Close frame.[25] [26] |-|WebSocket.'''CLOSED''' = 3|The underlying TCP connection is closed.[27] |} Protocol Steps: Opening handshake (HTTP request + HTTP response) to establish a connection. Data messages to transfer application data. Closing handshake (two Close frames) to close the connection. Opening handshake The client sends an HTTP request (method GET, version ≥ 1.1) and the server returns an HTTP response with status code 101 (Switching Protocols) on success. This means a WebSocket server can use the same port as HTTP (80) and HTTPS (443) because the handshake is compatible with HTTP.[28] HTTP headers! !Header!Value!Mandatory Origin [29] Host rowspan="6" Sec-WebSocket-Version 13[30] Sec-WebSocket-Key base64-encode(16-byte random nonce)[31] Sec-WebSocket-Accept base64-encode(sha1(Sec-WebSocket-Key +))[32] Connection Upgrade[33] [34] Upgrade websocket[35] [36] Sec-WebSocket-Protocol The request may contain a comma-separated list of strings (ordered by preference) indicating application-level protocols (built on top of WebSocket data messages) the client wishes to use.[37] If the client sends this header, the server response must be one of the values from the list. rowspan="3" Sec-WebSocket-Extensions Other headers Example request:[38] GET /chat HTTP/1.1Host: server.example.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw Sec-WebSocket-Protocol: chat, superchatSec-WebSocket-Version: 13Origin: http://example.com Example response: HTTP/1.1 101 Switching ProtocolsUpgrade: websocketConnection: UpgradeSec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=Sec-WebSocket-Protocol: chat In HTTP each line ends in \r\n and the last line is empty. Calculate Sec-WebSocket-Accept using Sec-WebSocket-Key from base64 import b64encodefrom hashlib import sha1from os import urandom key = b64encode(urandom(16)) # Client should do this key = b"x3JJHMbDL1EzLkh9GBhXDw " # Value in example request abovemagic = b"258EAFA5-E914-47DA-95CA-C5AB0DC85B11" # Protocol constantprint(b64encode(sha1(key + magic).digest)) Output: HSmrc0sMlYUkAGmm5OPpG2HaGWk= Once the connection is established, communication switches to a binary frame-based protocol which does not conform to the HTTP protocol. Sec-WebSocket-Key and Sec-WebSocket-Accept are intended to prevent a caching proxy from re-sending a previous WebSocket conversation,[39] and does not provide any authentication, privacy, or integrity. Though some servers accept a short Sec-WebSocket-Key, many modern servers will reject the request with error "invalid Sec-WebSocket-Key header". Frame-based message After the opening handshake, the client and server can, at any time, send messages to each other, such as data messages (text or binary) and control messages (close, ping, pong). A message is composed of one or more frames. Fragmentation allows a message to be split into two or more frames. It enables sending messages with initial data available but complete length unknown. Without fragmentation, the whole message must be sent in one frame, so the complete length is needed before the first byte can be sent, which requires a buffer.[40] It also enables multiplexing several streams simultaneously (e.g. to avoid monopolizing a socket for a single large payload).[41] An unfragmented message consists of a single frame with FIN = 1 and opcode ≠ 0. A fragmented message consists of a single frame with FIN = 0 and opcode ≠ 0, followed by zero or more frames with FIN = 0 and opcode = 0, and terminated by a single frame with FIN = 1 and opcode = 0. Frame structure Index (in bits) Field Size (in bits) Description 0 FIN[42] 1 1 RSV1 1 Must be 0 unless defined by an extension.[43] 2 RSV2 1 3 RSV3 1 4 Opcode 4 See opcodes below. 8 Masked[44] 1 See client-to-server masking below. 9 Payload length[45] 7, 7+16 or 7+64 Length of the payload (extension data + application data) in bytes. Endianness is big-endian. Signedness is unsigned. The minimum number of bits must be used to encode the length. Varies Masking key 0 or 32 A server must not mask any frames sent to the client.[46] Frame masking applies XOR between the masking key (a four-byte random nonce) and the payload data. The following algorithm is used to mask/unmask a frame:[47] for i = 0 to payload_length - 1 payload[i] = payload[i] xor masking_key[i modulo 4] Payload Extension data Payload length (in bytes) Must be empty unless defined by an extension. Application data on the opcode. Opcodes Frame type Opcode RelatedWeb API Description Purpose Max. payload length Continuation 0 Identifies an intermediate frame of a fragmented message. bytes Data frame Text 1 send, UTF-8 encoded application text. Application data rowspan="2" Binary 2 Application binary data. 3–7 Control frame Close 8 close, onclose A Close frame is sent to start the closing handshake which may prevent data loss by complementing the TCP closing handshake.[48] No frame can be sent after a Close frame. If a Close frame is received and no prior Close frame was sent, a response Close frame with the same payload must be sent. The payload is optional, but if present, it must start with a two-byte big-endian unsigned integer reason code, optionally followed by a UTF-8 encoded reason message not longer than 123 bytes.[49] Protocol state 125 bytes Ping 9 , keepalive and heartbeat. Both sides can initiate a ping (with any payload). Whoever receives it must immediately send back a pong with the same payload. A pong should be ignored if no prior ping was sent.[50] [51] Pong 10 11–15 Status codes Range[52] Allowed in Close frame Code[53] Description 0–999 1000–2999 (Protocol) 1000 Normal closure. 1001 Going away (e.g. browser tab closed). 1002 Protocol error. 1003 Unsupported data (e.g. endpoint only understands text but received binary). 1004 1005 No code received. 1006 Connection closed abnormally (closing handshake did not occur). 1007 Invalid payload data (e.g. non UTF-8 data in a text message). 1008 Policy violated. 1009 Message too big. 1010 Unsupported extension. The client should write the extensions it expected the server to support in the payload. 1011 Internal server error. 1015 TLS handshake failure. 3000–3999 Used by libraries, frameworks and applications. 4000–4999 Private use. Browser support A secure version of the WebSocket protocol is implemented in Firefox 6,[54] Safari 6, Google Chrome 14,[55] Opera 12.10 and Internet Explorer 10.[56] A detailed protocol test suite report[57] lists the conformance of those browsers to specific protocol aspects. An older, less secure version of the protocol was implemented in Opera 11 and Safari 5, as well as the mobile version of Safari in iOS 4.2.[58] The BlackBerry Browser in OS7 implements WebSockets.[59] Because of vulnerabilities, it was disabled in Firefox 4 and 5,[60] and Opera 11.[61] Using browser developer tools, developers can inspect the WebSocket handshake as well as the WebSocket frames.[62] Draft date Internet Explorer Firefox[63] (PC) Firefox (Android) Chrome (PC, Mobile) Safari (Mac, iOS) Opera (PC, Mobile) Android Browser hixie-75 February 4, 2010 4 5.0.0 hixie-76 hybi-00 May 6, 2010 May 23, 2010 4.0 (disabled) 6 5.0.1 11.00 (disabled) hybi-07, v7 April 22, 2011 6[64] hybi-10, v8 July 11, 2011 7[65] 7 14[66] , v13 December, 2011 10[67] 11 11 16[68] 6 12.10[69] 4.4 Server implementations Nginx has supported WebSockets since 2013, implemented in version 1.3.13[70] including acting as a reverse proxy and load balancer of WebSocket applications.[71] Apache HTTP Server has supported WebSockets since July, 2013, implemented in version 2.4.5[72] [73] Internet Information Services added support for WebSockets in version 8 which was released with Windows Server 2012.[74] lighttpd has supported WebSockets since 2017, implemented in lighttpd 1.4.46.[75] lighttpd mod_proxy can act as a reverse proxy and load balancer of WebSocket applications. lighttpd mod_wstunnel can act as a WebSocket endpoint to transmit arbitrary data, including in JSON format, to a backend application. lighttpd supports WebSockets over HTTP/2 since 2022, implemented in lighttpd 1.4.65.[76] Security considerations Unlike regular cross-domain HTTP requests, WebSocket requests are not restricted by the same-origin policy. Therefore, WebSocket servers must validate the "Origin" header against the expected origins during connection establishment, to avoid cross-site WebSocket hijacking attacks (similar to cross-site request forgery), which might be possible when the connection is authenticated with cookies or HTTP authentication. It is better to use tokens or similar protection mechanisms to authenticate the WebSocket connection when sensitive (private) data is being transferred over the WebSocket.[77] A live example of vulnerability was seen in 2020 in the form of Cable Haunt. Proxy traversal WebSocket protocol client implementations try to detect whether the user agent is configured to use a proxy when connecting to destination host and port, and if it is, uses HTTP CONNECT method to set up a persistent tunnel. While the WebSocket protocol itself is unaware of proxy servers and firewalls, it features an HTTP-compatible handshake, thus allowing HTTP servers to share their default HTTP and HTTPS ports (80 and 443 respectively) with a WebSocket gateway or server. The WebSocket protocol defines a ws:// and wss:// prefix to indicate a WebSocket and a WebSocket Secure connection respectively. Both schemes use an HTTP upgrade mechanism to upgrade to the WebSocket protocol. Some proxy servers are transparent and work fine with WebSocket; others will prevent WebSocket from working correctly, causing the connection to fail. In some cases, additional proxy-server configuration may be required, and certain proxy servers may need to be upgraded to support WebSocket. If unencrypted WebSocket traffic flows through an explicit or a transparent proxy server without WebSockets support, the connection will likely fail.[78] If an encrypted WebSocket connection is used, then the use of Transport Layer Security (TLS) in the WebSocket Secure connection ensures that an HTTP CONNECT command is issued when the browser is configured to use an explicit proxy server. This sets up a tunnel, which provides low-level end-to-end TCP communication through the HTTP proxy, between the WebSocket Secure client and the WebSocket server. In the case of transparent proxy servers, the browser is unaware of the proxy server, so no HTTP CONNECT is sent. However, since the wire traffic is encrypted, intermediate transparent proxy servers may simply allow the encrypted traffic through, so there is a much better chance that the WebSocket connection will succeed if WebSocket Secure is used. Using encryption is not free of resource cost, but often provides the highest success rate, since it would be travelling through a secure tunnel. A mid-2010 draft (version hixie-76) broke compatibility with reverse proxies and gateways by including eight bytes of key data after the headers, but not advertising that data in a Content-Length: 8 header.[79] This data was not forwarded by all intermediates, which could lead to protocol failure. More recent drafts (e.g., hybi-09[80]) put the key data in a Sec-WebSocket-Key header, solving this problem. See also BOSH Comparison of WebSocket implementations Network socket Push technology Server-sent events XMLHttpRequest HTTP/2 Internet protocol suite WebRTC External links IETF Hypertext-Bidirectional (HyBi) working group The WebSocket protocol – Proposed Standard published by the IETF HyBi Working Group The WebSocket protocol – Internet-Draft published by the IETF HyBi Working Group The WebSocket protocol – Original protocol proposal by Ian Hickson The WebSocket API – W3C Working Draft specification of the API The WebSocket API – W3C Candidate Recommendation specification of the API WebSocket.org WebSocket demos, loopback tests, general information and community

Notes and References

1. Web site: WebSockets Standard . 2022-05-16 . websockets.spec.whatwg.org . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/ . live .
2. Web site: The WebSocket API . 2022-05-16 . www.w3.org . en . 2022-06-08 . https://web.archive.org/web/20220608221509/https://www.w3.org/TR/2021/NOTE-websockets-20210128/Overview.html . live .
3. RFC 6455 The WebSocket Protocol . . 1.7 . Relationship to TCP and HTTP . 6455 . December 2011. Ian Fette . Alexey Melnikov.
4. Web site: Adobe Flash Platform – Sockets . 2021-07-28 . help.adobe.com . TCP connections require a "client" and a "server". Flash Player can create client sockets. . 2021-04-18 . https://web.archive.org/web/20210418211002/https://help.adobe.com/en_US/as3/dev/WSb2ba3b1aad8a27b0-181c51321220efd9d1c-8000.html . live .
5. Web site: 2023-04-06 . The WebSocket API (WebSockets) . live . https://web.archive.org/web/20210728161324/https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API . 2021-07-28 . 2021-07-26 . MDN Web Docs . Mozilla Developer Network . en-US.
6. Web site: IANA Uniform Resource Identifier (URI) Schemes . . 2011-11-14 . 2011-12-10 . Graham Klyne . 2013-04-25 . https://web.archive.org/web/20130425164755/http://www.iana.org/assignments/uri-schemes.html . live .
7. RFC 6455 The WebSocket Protocol . . 3 . WebSocket URIs . 6455 . December 2011 . Ian Fette . Alexey Melnikov.
8. Web site: HTML 5. www.w3.org. 2016-04-17. 2016-09-16. https://web.archive.org/web/20160916071246/http://www.w3.org/TR/2008/WD-html5-20080610/comms.html#tcp-connections. live.
9. Web site: [whatwg] TCPConnection feedback from Michael Carter on 2008-06-18 (whatwg.org from June 2008)]. lists.w3.org. 2016-04-17. 2016-04-27. https://web.archive.org/web/20160427004936/https://lists.w3.org/Archives/Public/public-whatwg-archive/2008Jun/0165.html. live.
10. Web site: IRC logs: freenode / #whatwg / 20080618. krijnhoetmer.nl. 2016-04-18. 2016-08-21. https://web.archive.org/web/20160821040755/http://krijnhoetmer.nl/irc-logs/whatwg/20080618#l-1145. live.
11. Web site: Web Sockets Now Available In Google Chrome. Chromium Blog. en-US. 2016-04-17. 2021-12-09. https://web.archive.org/web/20211209195505/https://blog.chromium.org/2009/12/web-sockets-now-available-in-google.html. live.
12. The WebSocket protocol. . Ian Hickson. Ietf Datatracker. 6 May 2010. 2016-04-17. 2017-03-17. https://web.archive.org/web/20170317201023/https://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75. live.
13. Web site: Interface definition . WHATWG . 2024-04-10 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#interface-definition . live .
14. Web site: new WebSocket(url, protocols) . WHATWG . 2024-04-30 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#dom-websocket-websocket . live .
15. Web site: close(code, reason) . WHATWG . 2024-04-10 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#dom-websocket-close . live .
16. Web site: When a WebSocket message has been received . WHATWG . 2024-04-13 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#ref-for-page-66:~:text=_A%20WebSocket%20Message%20Has%20Been%20Received_ . live .
17. Web site: When the WebSocket connection is closed; substep 3. . WHATWG . 2024-04-13 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#closeWebSocket . live .
18. 6455. The WebSocket Connection is Closed. 7.1.4.
19. 6455. The WebSocket Connection Close Code. 7.1.5.
20. 6455. The WebSocket Connection Close Reason. 7.1.6.
21. Web site: CONNECTING . WHATWG . 2024-04-13 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#ref-for-dom-websocket-connecting%E2%91%A0 . live .
22. 6455. Client Requirements. 4.1. 14.
23. Web site: OPEN . WHATWG . 2024-04-10 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#dom-websocket-open . live .
24. 6455. _The WebSocket Connection is Established_. 20.
25. Web site: CLOSING . WHATWG . 2024-04-10 . 2023-03-12 . https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#dom-websocket-closing . live .
26. 6455. The WebSocket Closing Handshake is Started. 7.1.3.
27. Web site: CLOSED. WHATWG. 2024-04-10. 2023-03-12. https://web.archive.org/web/20230312232711/https://websockets.spec.whatwg.org/#dom-websocket-closed. live.
28. Opening Handshake. 6455. 1.3.
29. 6455. 18. Client requirement 8...
30. 6455. Client requirement 9... 18.
31. 6455. 18. Client requirement 7...
32. 6455. Server step 5.4... 24.
33. 6455. Client requirement 6... 18.
34. 6455. Server step 5.3.. 24.
35. 6455. Client requirement 5... 17.
36. 6455. Server step 5.2.. 24.
37. 6455. Client requirement 10... 18.
38. Protocol Overview. 1.2. 6455.
39. Web site: Main Goal of WebSocket protocol . 25 July 2015 . IETF . The computation [...] is meant to prevent a caching intermediary from providing a WS-client with a cached WS-server reply without actual interaction with the WS-server. . 22 April 2016 . https://web.archive.org/web/20160422042232/https://trac.tools.ietf.org/wg/hybi/trac/wiki/FAQ . live .
40. 5.4. 6455. Fragmentation.
41. draft-ietf-hybi-websocket-multiplexing. A Multiplexing Extension for WebSockets. John A. Tamplin. Takeshi Yoshino. IETF. 2013.
42. 6455. FIN. 28.
43. 6455. RSV1, RSV2, RSV3. 28.
44. 6455. Mask. 29.
45. 6455. Payload length. 29.
46. Overview. 5.1. 6455.
47. Client-to-Server Masking. 5.3. 6455.
48. Closing Handshake. 1.4. 6455.
49. Close. 5.5.1. 6455.
50. Ping. 5.5.2. 6455.
51. Pong. 5.5.3. 6455.
52. 7.4.2. 6455. Reserved Status Code Ranges.
53. 7.4.1. 6455. Defined Status Codes.
54. Web site: WebSocket enabled in Firefox 6 . Dirkjan Ochtman . May 27, 2011 . Mozilla.org . 2011-06-30 . 2012-05-26 . https://web.archive.org/web/20120526230019/https://developer.mozilla.org/en/WebSockets . dead .
55. Web site: Chromium Web Platform Status . 2011-08-03 . 2017-03-04 . https://web.archive.org/web/20170304203008/http://www.chromium.org/developers/web-platform-status . live .
56. Web site: WebSockets (Windows) . Microsoft . 2012-09-28 . 2012-11-07 . 2015-03-25 . https://web.archive.org/web/20150325091443/https://msdn.microsoft.com/en-us/library/ie/hh673567(v=vs.85).aspx . live .
57. Web site: WebSockets Protocol Test Report . Tavendo.de . 2011-10-27 . 2011-12-10 . 2016-09-22 . https://web.archive.org/web/20160922040928/http://autobahn.ws/testsuite/reports/clients/index.html . dead .
58. Web site: Apple adds accelerometer, WebSockets support to Safari in iOS 4.2 . Katie Marsal . November 23, 2010 . AppleInsider.com . 2011-05-09 . 2011-03-01 . https://web.archive.org/web/20110301114256/http://www.appleinsider.com/articles/10/11/23/apple_adds_accelerometer_websockets_support_to_safari_in_ios_4_2.html . live .
59. Web site: Web Sockets API . . 8 July 2011 . dead . https://web.archive.org/web/20110610191150/http://docs.blackberry.com/en/developers/deliverables/29271/Web_Sockets_support_1582781_11.jsp . June 10, 2011 .
60. Web site: WebSocket disabled in Firefox 4 . Chris Heilmann . December 8, 2010 . Hacks.Mozilla.org . 2011-05-09 . 2017-03-06 . https://web.archive.org/web/20170306114251/https://hacks.mozilla.org/2010/12/websockets-disabled-in-firefox-4/ . live .
61. Web site: Regarding WebSocket . Aleksander Aas . December 10, 2010 . My Opera Blog . 2011-05-09 . https://web.archive.org/web/20101215010748/http://my.opera.com/chooseopera/blog/2010/12/10/regarding-websocket. 2010-12-15.
62. Book: Wang . Vanessa . Salim . Frank . Moskovits . Peter . The Definitive Guide to HTML5 WebSocket . http://my.safaribooksonline.com/book/-/9781430247401/appendix-a-inspecting-websocket-traffic/sec1_xhtml . 7 April 2013 . February 2013 . Apress . 978-1-4302-4740-1 . APPENDIX A: WebSocket Frame Inspection with Google Chrome Developer Tools . 31 December 2015 . https://web.archive.org/web/20151231184436/http://my.safaribooksonline.com/book/-/9781430247401/appendix-a-inspecting-websocket-traffic/sec1_xhtml . dead .
63. Web site: WebSockets (support in Firefox) . Mozilla Foundation . developer.mozilla.org . 2011-09-30 . 2011-12-10 . 2012-05-26 . https://web.archive.org/web/20120526230019/https://developer.mozilla.org/en/WebSockets . dead .
64. Web site: Bug 640003 - WebSockets - upgrade to ietf-06 . Mozilla Foundation . 2011-03-08 . 2011-12-10 . 2021-04-01 . https://web.archive.org/web/20210401044535/https://bugzilla.mozilla.org/show_bug.cgi?id=640003 . live .
65. Web site: Bug 640003 - WebSockets - upgrade to ietf-07(comment 91). Mozilla Foundation. 2011-07-22. 2011-07-28. 2021-04-01. https://web.archive.org/web/20210401044535/https://bugzilla.mozilla.org/show_bug.cgi?id=640003#c91. live.
66. Web site: Chromium bug 64470 . code.google.com . 2010-11-25 . 2011-12-10 . 2015-12-31 . https://web.archive.org/web/20151231184436/https://code.google.com/p/chromium/issues/detail?id=64470 . live .
67. Web site: WebSockets in Windows Consumer Preview . Microsoft . IE Engineering Team . 2012-03-19 . 2012-07-23 . 2015-09-06 . https://web.archive.org/web/20150906135037/http://blogs.msdn.com/b/ie/archive/2012/03/19/websockets-in-windows-consumer-preview.aspx . live .
68. Web site: WebKit Changeset 97247: WebSocket: Update WebSocket protocol to hybi-17 . trac.webkit.org . 2011-12-10 . 2012-01-05 . https://web.archive.org/web/20120105121750/http://trac.webkit.org/changeset/97249 . live .
69. Web site: A hot Opera 12.50 summer-time snapshot . Opera Developer News . 2012-08-03 . 2012-08-03. https://web.archive.org/web/20120805234006/http://my.opera.com/ODIN/blog/2012/08/03/a-hot-opera-12-50-summer-time-snapshot. 2012-08-05.
70. Web site: Welcome to nginx! . nginx.org . 3 February 2022 . https://archive.today/20120717014311/http://nginx.org/en/CHANGES . 17 July 2012 . dead.
71. Web site: Using NGINX as a WebSocket Proxy. May 17, 2014. NGINX. November 3, 2019. October 6, 2019. https://web.archive.org/web/20191006062348/https://www.nginx.com/blog/websocket-nginx/. live.
72. Web site: Overview of new features in Apache HTTP Server 2.4. Apache. 2021-01-26. 2020-11-11. https://web.archive.org/web/20201111201741/http://httpd.apache.org/docs/trunk/new_features_2_4.html. live.
73. Web site: Changelog Apache 2.4. Apache Lounge. 2021-01-26. 2021-01-22. https://web.archive.org/web/20210122162741/https://www.apachelounge.com/Changelog-2.4.html. live.
74. Web site: IIS 8.0 WebSocket Protocol Support . 28 November 2012 . Microsoft Docs . 2020-02-18 . 2020-02-18 . https://web.archive.org/web/20200218153735/https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-websocket-protocol-support . live .
75. Web site: Release-1 4 46 - Lighttpd - lighty labs . 2020-12-29 . 2021-01-16 . https://web.archive.org/web/20210116155634/https://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_46 . live .
76. Web site: Release-1 4 65 - Lighttpd - lighty labs . 2024-05-03 . 2024-05-03 . https://web.archive.org/web/20240503061036/https://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_65 . live .
77. Web site: Cross-Site WebSocket Hijacking (CSWSH) . Christian Schneider . Web Application Security Blog . August 31, 2013 . December 30, 2015 . December 31, 2016 . https://web.archive.org/web/20161231061757/http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html#main . live .
78. Web site: How HTML5 Web Sockets Interact With Proxy Servers . Infoq.com . March 16, 2010 . C4Media Inc. . Peter Lubbers . 2011-12-10 . 2016-05-08 . https://web.archive.org/web/20160508202722/http://www.infoq.com/articles/Web-Sockets-Proxy-Servers . live .
79. Web site: WebSocket -76 is incompatible with HTTP reverse proxies . ietf.org . Internet Engineering Task Force . 2010-07-06 . 2011-12-10 . Willy Tarreau . email . 2016-09-17 . https://web.archive.org/web/20160917063052/http://www.ietf.org/mail-archive/web/hybi/current/msg02149.html . live .
80. The WebSocket protocol, draft hybi-09 . Sec-WebSocket-Key . 11.4 . June 13, 2011 . June 15, 2011 . Ian Fette .