HTTP Headers Reference
Searchable list of all HTTP headers with descriptions and examples
httpheadersreferencerequestresponse
Showing 60 of 60 headers
| Name | Type | Description |
|---|---|---|
Accept | Request | Informs the server about the types of data the client can understand. |
Accept-Charset | Request | Advertises which character encodings the client understands. |
Accept-Encoding | Request | Advertises which content-encoding algorithms the client supports. |
Accept-Language | Request | Advertises which languages the client is able to understand. |
Authorization | Request | Contains credentials to authenticate a user-agent with a server. |
Cookie | Request | Contains stored HTTP cookies previously sent by the server. |
Expect | Request | Indicates expectations the server must meet to handle the request. |
From | Request | Contains an Internet email address for a human user controlling the requesting agent. |
Host | Request | Specifies the host and port number of the server to which the request is being sent. |
If-Match | Request | Makes the request conditional; the server sends the resource only if it matches a given ETag. |
If-Modified-Since | Request | Makes the request conditional; the server sends the resource only if it has been modified after the given date. |
If-None-Match | Request | Makes the request conditional; returns 304 Not Modified if the ETag matches. |
If-Range | Request | Makes a range request conditional; used to resume a download. |
If-Unmodified-Since | Request | Makes the request conditional; server processes it only if unchanged since the given date. |
Max-Forwards | Request | Limits the number of times the request can be forwarded by proxies. |
Origin | Request | Indicates where a cross-origin fetch originates from. |
Proxy-Authorization | Request | Contains credentials to authenticate a user agent with a proxy server. |
Range | Request | Specifies the part of a document the server should return. |
Referer | Request | Contains the absolute or partial address of the page making the request. |
TE | Request | Specifies the transfer encodings the user agent is willing to accept. |
Upgrade-Insecure-Requests | Request | Signals the client's preference for an encrypted and authenticated response. |
User-Agent | Request | Contains a characteristic string that allows network protocol peers to identify the application. |
X-Forwarded-For | Request | Identifies the originating IP address of a client connecting through a proxy. |
X-Requested-With | Request | Used to identify Ajax requests by JavaScript frameworks. |
Accept-Ranges | Response | Indicates whether the server supports range requests for a resource. |
Age | Response | Time in seconds the object has been in a proxy cache. |
Allow | Response | Lists the set of HTTP request methods supported by a resource. |
Content-Disposition | Response | Indicates how the content should be displayed; often used to trigger a file download. |
Content-Encoding | Response | Specifies the encoding applied to the response body. |
Content-Language | Response | Describes the language(s) intended for the response audience. |
Content-Location | Response | Indicates an alternate location for the returned data. |
Content-Range | Response | Indicates where in the full body a partial message belongs. |
ETag | Response | Identifier for a specific version of a resource, used for caching. |
Expires | Response | Contains the date/time after which the response is considered stale. |
Last-Modified | Response | Contains the date and time the server believes the resource was last modified. |
Location | Response | Indicates the URL to redirect a page to, used with 3xx status codes. |
Proxy-Authenticate | Response | Defines the authentication method to gain access to a proxy. |
Retry-After | Response | Indicates how long to wait before making a follow-up request. |
Server | Response | Contains information about the software used by the origin server. |
Set-Cookie | Response | Sends cookies from the server to the user agent. |
Strict-Transport-Security | Response | Informs browsers that the site should only be accessed using HTTPS (HSTS). |
Trailer | Response | Specifies headers that will be present in the trailer of a chunked transfer encoded message. |
Transfer-Encoding | Response | Specifies the form of encoding used to transfer the payload body. |
Vary | Response | Determines how to match future request headers to decide whether a cached response can be used. |
WWW-Authenticate | Response | Defines the authentication method that should be used to access the resource. |
X-Content-Type-Options | Response | Prevents MIME-sniffing attacks by instructing browsers to follow the declared content type. |
X-Frame-Options | Response | Controls whether a browser can render a page in a frame, used to prevent clickjacking. |
X-XSS-Protection | Response | Enables cross-site scripting filtering in browsers (legacy; superseded by CSP). |
Cache-Control | Both | Holds directives for caching in both requests and responses. |
Connection | Both | Controls whether the network connection stays open after the current transaction. |
Content-Length | Both | Size of the message body in bytes. |
Content-Security-Policy | Both | Controls resources the browser is allowed to load, helps prevent XSS. |
Content-Type | Both | Indicates the media type of the resource or data being sent. |
Date | Both | Contains the date and time at which the message was originated. |
Forwarded | Both | Contains information from the client-facing side of proxy servers that is altered by proxies. |
Keep-Alive | Both | Controls how long a persistent connection should stay open. |
Pragma | Both | Implementation-specific header that may have various effects along the request-response chain. |
Upgrade | Both | Specifies that the client wishes to switch to a different protocol. |
Via | Both | Added by proxies to track message forwards and avoid request loops. |
Warning | Both | Carries additional information about the status of a message. |