Does the order of headers in an HTTP response ever matter?

Is it ever meaningful whether the order of headers is

A: 1
B: 2

vs

B:2
A:1

I'm trying to figure out if I can use a dictionary to store a list of headers or if it needs to be some kind of list or ordered dictionary.

No, it does not matter for headers with different names. See RFC 2616, section 4.2:

> The order in which header fields with differing field names are received is not significant. However, it is "good practice" to send general-header fields first, followed by request-header or response- header fields, and ending with the entity-header fields.

It DOES matter, however, for multiple headers with the same name:

> Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded.

The order of the headers should not matter. There might be "weaker" implementations of HTTP standard where the ordering does matter, but it shouldn't in general.

Here's a link that describes HTTP headers:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2

HTTP Headers are independent of each other and you can use a dictionary to store them without worrying about their order.

It could also matter when specifying set-cookie several times for the same cookie:

"Set-Cookie: COOKIE1=VALUE1; ...
"Set-Cookie: COOKIE1=VALUE2; ...

In this case, COOKIE1 will be set to VALUE2, and if the order is changed:

"Set-Cookie: COOKIE1=VALUE2; ...
"Set-Cookie: COOKIE1=VALUE1; ...

COOKIE1 will be set to VALUE1

RFC 7230, section 3.2.2: Field Order addresses this question specifically. Quotes here are from that section of the specification, with emphasis added by me:

> The order in which header fields with differing field names are received is not significant.

It goes on to qualify that with a note about good practice for the sake of performance:

> However, it is good practice to send header fields that contain control data first, such as Host on requests and Date on responses, so that implementations can decide when not to handle a message as early as possible.

In certain cases it is permissible for a message to contain multiple header fields with the same name. In this case, order does matter.

> A recipient MAY combine multiple header fields with the same field name into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field value to the combined field value in order, separated by a comma. The order in which header fields with the same field name are received is therefore significant to the interpretation of the combined field value.