[heyjonboy]

"Note: Many pre-HTTP/1.1 user agents do not understand the 303 status."

The fact is there really aren't any pre-HTTP/1.1 browsers still in use. See: http://serverfault.com/questions/110932/are-there-internet-u...

Given that many web apps these days require javascript and CSS and HTTP/1.1 is over 12 years old, I don't think it's realistic to worry about clients that only support HTTP/1.0.

While 302 works in practice, it's safer to use 303, which works by definition.

[dangrossman]

The problem is that the browser is not the only client involved. Corporate/country/personal proxies, firewalls and antivirus software all sit in between some servers and clients, some of them still do not handle HTTP/1.1 correctly, and many of them will alter your headers in transit.

As your StackOverflow link mentions, Squid, a widely used proxy, is still only fully implemented for HTTP/1.0.

[pornel]

Corporate/country/personal proxies, firewalls and antivirus software don't perform redirects themselves, so they are irrelevant for status 303 support.

Today all clients that send HTTP/1.0 version support more than HTTP/1.0, e.g. HTTP/1.1 Host header is basically mandatory on the web.

HTTP/1.1 compliance requires some harder things like pipelining support, and full HTTP/1.1 caching proxy has a lot of hairy stuff to deal with (strong/weak cache validators, stitching of partial responses, Vary support, etc.).

You can have quite decent HTTP/1.1 implementation that still doesn't deserve to be called full HTTP/1.1.

[yuhong]

Yea, browsers old enough to not send a Host header are pretty much unusable on today's web without a proxy.