What is Sec-WebSocket-Key for?

Technology CommunityCategory: WebSocketsWhat is Sec-WebSocket-Key for?
VietMX Staff asked 3 years ago

The Sec-WebSocket-Key header field is used in the WebSocket opening handshake. It is sent from the client to the server to provide part of the information used by the server to prove that it received a valid WebSocket opening handshake. This helps ensure that the server does not accept connections from non-WebSocket clients (e.g., HTTP clients) that are being abused to send data to unsuspecting WebSocket servers.

It does not provide any security (secure websockets – wss:// – does), it just ensures that server understands websockets protocol.