HTTP Headers Documentation - HTTP Headers Reference Guide
- Related Tools:
- HTTP Headers Viewer
- IP Lookup
- Documentation:
- HTTP Status Codes
Request Headers (Request Headers)
| Header Name | Description | Example |
|---|---|---|
| Accept | Tells the server what content types the client can handle, in order of preference | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 |
| Accept-Charset | Tells the server what character sets the client can handle | Accept-Charset: utf-8, iso-8859-1;q=0.5 |
| Accept-Encoding | Tells the server what encoding methods the client can handle | Accept-Encoding: gzip, deflate, br |
| Accept-Language | Tells the server what languages the client can handle | Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 |
| Authorization | Contains credentials for authenticating the user with the server | Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== |
| Cache-Control | Specifies caching mechanisms for requests and responses | Cache-Control: no-cache, no-store, must-revalidate |
| Connection | Controls whether network connections remain open after the current transaction | Connection: keep-alive |
| Content-Length | The length of the request body in bytes | Content-Length: 348 |
| Content-Type | The media type of the request body | Content-Type: application/json; charset=utf-8 |
| Cookie | Contains stored HTTP cookies from the client | Cookie: sessionid=abc123; csrftoken=xyz789 |
| Host | Specifies the domain name and port number of the server | Host: www.example.com:8080 |
| If-Modified-Since | Only returns the resource if it has been modified after the specified time | If-Modified-Since: Wed, 21 Oct 2015 07:28:00 GMT |
| If-None-Match | Only returns the resource if the ETag does not match | If-None-Match: "686897696a7c876b7e" |
| Referer | Tells the server which page initiated the request | Referer: https://www.example.com/page.html |
| User-Agent | User agent string containing information about the client | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 |
| X-Forwarded-For | Identifies the original IP address of clients connecting through HTTP proxies or load balancers | X-Forwarded-For: 203.0.113.195, 70.41.3.18 |
| X-Requested-With | Identifies Ajax requests, typically with value XMLHttpRequest | X-Requested-With: XMLHttpRequest |
Response Headers (Response Headers)
| Header Name | Description | Example |
|---|---|---|
| Access-Control-Allow-Origin | Indicates whether the response can be shared with requesting code from the given origin | Access-Control-Allow-Origin: https://example.com |
| Access-Control-Allow-Methods | Specifies the methods allowed when accessing the resource | Access-Control-Allow-Methods: GET, POST, PUT, DELETE |
| Cache-Control | Tells browsers and other caches how to cache the response | Cache-Control: public, max-age=3600 |
| Content-Disposition | Indicates how to display the attached file | Content-Disposition: attachment; filename="file.pdf" |
| Content-Encoding | Tells the client what encoding method was used on the entity body | Content-Encoding: gzip |
| Content-Length | The length of the response body in bytes | Content-Length: 1024 |
| Content-Security-Policy | Allows website administrators to control which resources user agents can load for a page | Content-Security-Policy: default-src 'self' |
| Content-Type | Tells the client the actual content type of the returned content | Content-Type: text/html; charset=utf-8 |
| Date | The date and time when the message was sent | Date: Wed, 21 Oct 2015 07:28:00 GMT |
| ETag | A version identifier for the resource | ETag: "686897696a7c876b7e" |
| Expires | The date and time when the response body expires | Expires: Wed, 21 Oct 2015 07:28:00 GMT |
| Last-Modified | The date and time when the resource was last modified | Last-Modified: Wed, 21 Oct 2015 07:28:00 GMT |
| Location | Used for redirects, indicates the URL to access | Location: https://www.example.com/new-page |
| Server | Contains information about the software used by the origin server | Server: Apache/2.4.41 (Unix) |
| Set-Cookie | Sends cookies from the server to the client | Set-Cookie: sessionId=abc123; Path=/; Secure; HttpOnly |
| Strict-Transport-Security | Tells browsers to only access the current resource via HTTPS | Strict-Transport-Security: max-age=31536000 |
| Transfer-Encoding | Specifies the encoding method used to transfer the message body | Transfer-Encoding: chunked |
| Vary | Tells caches which request headers to use when deciding whether a cached response can be used | Vary: Accept-Encoding, User-Agent |
| WWW-Authenticate | Defines the authentication method to access a resource | WWW-Authenticate: Basic realm="Access to staging site" |
| X-Content-Type-Options | Prevents browsers from MIME type sniffing | X-Content-Type-Options: nosniff |
| X-Frame-Options | Controls whether a page can be displayed in a frame or iframe | X-Frame-Options: DENY |
| X-XSS-Protection | Enables cross-site scripting filtering | X-XSS-Protection: 1; mode=block |
General Headers (General Headers)
| Header Name | Description | Example |
|---|---|---|
| Cache-Control | Controls caching behavior | Cache-Control: no-cache, no-store, must-revalidate |
| Connection | Controls network connections | Connection: keep-alive |
| Date | The date and time when the message was generated | Date: Wed, 21 Oct 2015 07:28:00 GMT |
| Pragma | Used to specify caching behavior (HTTP/1.0 compatibility) | Pragma: no-cache |
| Trailer | Allows the sender to add additional metadata after the chunked message body | Trailer: Expires |
| Transfer-Encoding | Specifies the encoding method used to transfer the message body | Transfer-Encoding: chunked |
| Upgrade | Requests the server to upgrade to another protocol | Upgrade: websocket |
| Via | Shows information about proxy servers | Via: 1.1 proxy.example.com (nginx/1.16.1) |
| Warning | Tells about possible problems that might affect the message content | Warning: 199 Miscellaneous warning |
Entity Headers (Entity Headers)
| Header Name | Description | Example |
|---|---|---|
| Allow | Valid request methods for the specific resource | Allow: GET, HEAD, PUT |
| Content-Encoding | The encoding method used on the entity body | Content-Encoding: gzip |
| Content-Language | The language of the entity body | Content-Language: zh-CN, en-US |
| Content-Length | The length of the entity body | Content-Length: 1024 |
| Content-Location | The location of the entity | Content-Location: /documents/foo.html |
| Content-MD5 | The MD5 checksum of the entity body | Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ== |
| Content-Range | The position of the entity body within the complete message body | Content-Range: bytes 200-1023/1024 |
| Content-Type | The media type of the entity body | Content-Type: text/html; charset=utf-8 |
| Expires | The expiration date and time of the entity body | Expires: Wed, 21 Oct 2015 07:28:00 GMT |
| Last-Modified | The last modification date and time of the entity body | Last-Modified: Wed, 21 Oct 2015 07:28:00 GMT |