assertThat(formEncode(8)).isEqualTo("%08")
    assertThat(formEncode(9)).isEqualTo("%09")
    // Browsers convert '\n' to '\r\n'
    assertThat(formEncode(10)).isEqualTo("%0A")
    assertThat(formEncode(11)).isEqualTo("%0B")
    assertThat(formEncode(12)).isEqualTo("%0C")
    // Browsers convert '\r' to '\r\n'
    assertThat(formEncode(13)).isEqualTo("%0D")
    assertThat(formEncode(14)).isEqualTo("%0E")

    /**
     * Enumeration of supported browser types for user agent detection.
     * Each type represents a major browser family that can be detected
     * from the User-Agent header string.
     */
    public enum UserAgentType {
        /** Internet Explorer and Trident-based browsers */
        IE,
        /** Mozilla Firefox browser */
        FIREFOX,
        /** Google Chrome browser */
        CHROME,

   * {@code co.uk}, {@code google.invalid}, or {@code blogspot.com}.
   *
   * <p>This method can be used to determine whether it will probably be possible to set cookies on
   * the domain, though even that depends on individual browsers' implementations of cookie
   * controls. See <a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> for details.
   *
   * @since 6.0
   */
  public boolean isUnderPublicSuffix() {

* SSE - [Server-sent events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events)

Where the spec is ambiguous, OkHttp follows modern user agents such as popular Browsers or common HTTP Libraries.

OkHttp is principled and avoids being overly configurable, especially when such configuration is
to workaround a buggy server, test invalid scenarios or that contradict the relevant RFC.

    // 3) Caller specified but assuming the visible defaults in MODERN_CIPHER_SUITES are rejigged
    // to match legacy i.e. the platform/provider
    //
    // Opting for 2 here and keeping MODERN_TLS in line with secure browsers.
    cipherSuitesAsString.intersect(socketEnabledCipherSuites, CipherSuite.ORDER_BY_NAME)
  } else {
    socketEnabledCipherSuites
  }

internal fun MediaType?.chooseCharset(): Pair<Charset, MediaType?> {

  /** Returns true if this cookie should be limited to only HTTPS requests. */
  @get:JvmName("secure") val secure: Boolean,
  /**
   * Returns true if this cookie should be limited to only HTTP APIs. In web browsers this prevents
   * the cookie from being accessible to scripts.
   */
  @get:JvmName("httpOnly") val httpOnly: Boolean,
  /**
   * Returns true if this cookie does not expire at the end of the current session.
   *

 * direct translation of the pseudocode presented there.
 *
 * Partner this class with [UTS #46] to implement IDNA2008 [RFC 5890] like most browsers do.
 *
 * [RFC 3492]: https://datatracker.ietf.org/doc/html/rfc3492
 * [RFC 5890]: https://datatracker.ietf.org/doc/html/rfc5890
 * [UTS #46]: https://www.unicode.org/reports/tr46/
 */
object Punycode {

  /**
   * This is a non-standard media type, but is commonly used in serving hosted binary files as it is
   * <a href="http://code.google.com/p/browsersec/wiki/Part2#Survey_of_content_sniffing_behaviors">
   * known not to trigger content sniffing in current browsers</a>. It <i>should not</i> be used in
   * other situations as it is not specified by any RFC and does not appear in the <a

 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their
 * peers. Sets of root certificates are managed by either the HTTP client (like Firefox), or the

      }

      HTTP_CLIENT_TIMEOUT -> {
        // 408's are rare in practice, but some servers like HAProxy use this response code. The
        // spec says that we may repeat the request without modifications. Modern browsers also
        // repeat the request (even non-idempotent ones.)
        if (!client.retryOnConnectionFailure) {
          // The application layer has directed us not to retry the request.
          return null
        }