SecWebSocketKey - Infinite Lexicon - Infinite Lexicon

SecWebSocketKey

SecWebSocketKey is an HTTP header field used by the WebSocket protocol during the opening handshake. Defined in RFC 6455, it is supplied by the client and later echoed back as part of the Sec-WebSocket-Accept response from the server to prove that the connection is intended for WebSocket.

The value is a base64-encoded representation of 16 random bytes produced by the client. It is not

On the server side, the Sec-WebSocket-Key is processed by appending the fixed GUID 258EAFA5-E914-47DA-95CA-C5AB0DC85B11, computing the

Role and lifecycle: Sec-WebSocket-Key is only used during the initial handshake. After the connection is upgraded,

Interoperability and considerations: Implementations should generate a cryptographically secure random key and validate the computed Accept

a

base64-encoding

Sec-WebSocket-Accept

a

a