Section 1.3 "Opening Handshake" of draft-ietf-hybi-thewebsocketprotocol-17 describes Sec-WebSocket-Key
as follows:
To prove that the
What the RFC is unclear about is that the "Sec-WebSocket-Key" header from the client should be random on each request, which means any cached result from a proxy will contain an invalid "Sec-WebSocket-Accept" reply header, and thus the WebSocket connection will fail instead of reading cached data unintentionally.
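
The check described above, as an added example that is not part of the original post: the client derives the expected "Sec-WebSocket-Accept" from its own per-request key and rejects a response that a proxy replays from an earlier handshake. The function names are hypothetical and the replay scenario is constructed; the GUID and the SHA-1/base64 derivation are the ones the protocol's opening handshake defines.

```python
import base64
import hashlib
import os

# Fixed GUID defined by the WebSocket opening handshake.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def new_client_key() -> str:
    """Fresh 16-byte random nonce, base64-encoded, generated per handshake."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def expected_accept(client_key: str) -> str:
    """Sec-WebSocket-Accept value a genuine server derives from the key."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def client_accepts(client_key: str, response_headers: dict) -> bool:
    """Client-side check: fail the handshake unless Accept matches our key."""
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    received = headers.get("sec-websocket-accept")
    return received is not None and received == expected_accept(client_key)


def simulate_cached_replay() -> tuple:
    """Constructed scenario: a proxy replays handshake #1's response to #2."""
    key1 = new_client_key()
    cached_response = {"Sec-WebSocket-Accept": expected_accept(key1)}
    key2 = new_client_key()  # the second request carries a different nonce
    fresh_ok = client_accepts(key1, cached_response)   # original exchange
    replay_ok = client_accepts(key2, cached_response)  # cached copy replayed
    return fresh_ok, replay_ok


if __name__ == "__main__":
    fresh, replayed = simulate_cached_replay()
    print("original response accepted:", fresh)
    print("cached response accepted:  ", replayed)
```

If a client reused the same key on every request, the replayed response would pass this check, which is why the key has to be random per handshake.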