HTTP headers - HTTP Tutorial

HTTP headers allow the client and the server to pass additional information with the request or the response. A request header consists of its case-insensitive name followed by a colon (':'), then by its value (without line breaks). Leading white space before the value is ignored.
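The header-line rule above (case-insensitive name, colon, value without line breaks, leading white space ignored) written as a strict parser. This is an added example, not part of the original tutorial: `parse_header_line`, `parse_header_block`, `HeaderError` and the sample block are names and data constructed here, and the field-name character set is assumed to follow the RFC 7230 token rule.

```python
import re

# RFC 7230 "token" characters allowed in a field name (assumption of this example).
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderError(ValueError):
    """Raised when a header line does not match the name ":" value form."""


def parse_header_line(line):
    """Split one header line into (lower-cased name, value)."""
    # The value must not contain line breaks: a stray CR or LF would let
    # one logical header smuggle in a second one, so refuse the line.
    if "\r" in line or "\n" in line or "\0" in line:
        raise HeaderError("line break or NUL inside header line")
    name, sep, value = line.partition(":")
    if not sep:
        raise HeaderError("missing colon")
    # White space between the name and the colon is not accepted.
    if not _TOKEN.fullmatch(name):
        raise HeaderError("invalid field name: %r" % name)
    # Names are case-insensitive; white space around the value is ignored.
    return name.lower(), value.strip(" \t")


def parse_header_block(raw):
    """Parse a CRLF-separated header block into {name: [values]}."""
    headers = {}
    for line in raw.split("\r\n"):
        if line == "":
            break  # an empty line ends the header section
        if line[0] in " \t":
            raise HeaderError("folded (continuation) line rejected")
        name, value = parse_header_line(line)
        headers.setdefault(name, []).append(value)
    return headers


# Constructed sample request headers (not captured traffic).
SAMPLE = (
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0\r\n"
    "ACCEPT:text/plain\r\n"
    "accept-encoding:    gzip, deflate\r\n"
    "Content-Length: 348\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(parse_header_block(SAMPLE))
```

Repeated fields are kept as a list in arrival order, so a caller can decide whether a duplicate such as a second Content-Length should be treated as an error.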

Headers can be grouped according to their contexts:

1. General header: Headers applying to both requests and responses but with no relation to the data eventually transmitted in the body.

2. Request header: Headers containing more information about the resource to be fetched or about the client itself.

3. Response header: Headers with additional information about the response, like its location or about the server itself (name and version etc.).

4. Entity header: Headers containing more information about the body of the entity, like its content length or its MIME-type.

Request Header fields:

Some common request header fields:

| Header field name | Description | Example | Status |
| --- | --- | --- | --- |
| User-Agent | The user agent string of the user agent. | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0 | Permanent |
| Accept | Media type(s) that is(/are) acceptable for the response. | Accept: text/plain | Permanent |
| Accept-Charset | Character sets that are acceptable. | Accept-Charset: utf-8 | Permanent |
| Accept-Encoding | List of acceptable encodings. | Accept-Encoding: gzip, deflate | Permanent |
| Accept-Language | List of acceptable human languages for response. | Accept-Language: en-US | Permanent |
| Authorization | Authentication credentials for HTTP authentication. | Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== | Permanent |
| Cache-Control | Used to specify directives that must be obeyed by all caching mechanisms along the request-response chain. | Cache-Control: no-cache | Permanent |
| Connection | Control options for the current connection and list of hop-by-hop request fields. Must not be used with HTTP/2. | Connection: keep-alive / Connection: Upgrade | Permanent |
| Content-Length | The length of the request body in octets (8-bit bytes). | Content-Length: 348 | Permanent |
| Content-Type | The Media type of the body of the request (used with POST and PUT requests). | Content-Type: application/x-www-form-urlencoded | Permanent |

Response Header fields:

| Field name | Description | Example | Status |
| --- | --- | --- | --- |
| Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Expose-Headers, Access-Control-Max-Age, Access-Control-Allow-Methods, Access-Control-Allow-Headers | Specifying which web sites can participate in cross-origin resource sharing. | Access-Control-Allow-Origin: * | Permanent: standard |
| Expires | Gives the date/time after which the response is considered stale (in “HTTP-date” format as defined by RFC 7231). | Expires: Thu, 01 Dec 1994 16:00:00 GMT | Permanent: standard |
| Set-Cookie | An HTTP cookie. | Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1 | Permanent: standard |
| Strict-Transport-Security | A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains. | Strict-Transport-Security: max-age=16070400; includeSubDomains | Permanent: standard |
| Accept-Patch | Specifies which patch document formats this server supports. | Accept-Patch: text/example;charset=utf-8 | Permanent |
| Accept-Ranges | What partial content range types this server supports via byte serving. | Accept-Ranges: bytes | Permanent |
| Age | The age the object has been in a proxy cache in seconds. | Age: 12 | Permanent |
| Allow | Valid methods for a specified resource. To be used for a 405 Method not allowed. | Allow: GET, HEAD | Permanent |
| Alt-Svc | A server uses “Alt-Svc” header (meaning Alternative Services) to indicate that its resources can also be accessed at a different network location (host or port) or using a different protocol. When using HTTP/2, servers should instead send an ALTSVC frame. | Alt-Svc: http/1.1="http2.example.com:8001"; ma=7200 | Permanent |
| Cache-Control | Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds. | Cache-Control: max-age=3600 | Permanent |
| Connection | Control options for the current connection and list of hop-by-hop response fields. Must not be used with HTTP/2. | Connection: close | Permanent |
| Content-Disposition | An opportunity to raise a “File Download” dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters. | Content-Disposition: attachment; filename="fname.ext" | Permanent |
| Content-Encoding | The type of encoding used on the data. See HTTP compression. | Content-Encoding: gzip | Permanent |
| Content-Language | The natural language or languages of the intended audience for the enclosed content. | Content-Language: da | Permanent |
| Content-Length | The length of the response body in octets (8-bit bytes). | Content-Length: 348 | Permanent |
| Content-Location | An alternate location for the returned data. | Content-Location: /index.htm | Permanent |
| Content-Range | Where in a full body message this partial message belongs. | Content-Range: bytes 21010-47021/47022 | Permanent |
| Content-Type | The MIME type of this content. | Content-Type: text/html; charset=utf-8 | Permanent |
| Date | The date and time that the message was sent (in “HTTP-date” format as defined by RFC 7231). | Date: Tue, 15 Nov 1994 08:12:31 GMT | Permanent |
| ETag | An identifier for a specific version of a resource, often a message digest. | ETag: "737060cd8c284d8af7ad3082f209582d" | Permanent |
| Last-Modified | The last modified date for the requested object (in “HTTP-date” format as defined by RFC 7231). | Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT | Permanent |