HTTP headers are included with each HTTP request and response.
The following table lists the common HTTP request headers:
Header | Description |
---|---|
Accept | Lists the content types that the client can understand. |
Accept-Charset | Lists the character encodings the client understands. |
Accept-Encoding | Lists the content encodings that the client understands. |
Accept-Language | Lists the languages and locales that the client prefers. |
Authorization | Contains authentication/authorization credentials. |
Cache-Control | Holds caching instructions. |
Connection | Used to specify whether the network connection should stay open. |
Content-Length | Indicates the size of the request body. |
Content-Type | Indicate the media type of the request body. |
Cookie | Contains the client's cookies previously provided by the server with the Set-Cookie response header. |
Host | Specifies the domain name of the website accessed. |
If-Match | Used for making conditional requests. |
If-Modified-Since | Used for making conditional requests. |
If-None-Match | Used for making conditional requests. |
If-Range | Used for making conditional range requests. |
If-Unmodified-Since | Used for making conditional requests. |
Origin | Used to specify which website the request originates from. |
Pragma | Implementation-specific header. |
Proxy-Authorization | Contains proxy server authentication/authorization credentials. |
Proxy-Connection | Deprecated header. |
Range | Indicates which portion of a resource the server should return. |
Referer | For requests sent when the user follows a link from page A to page B, contains the address of page A. |
Transfer-Encoding | Specifies the encoding for transferring the request body to the server. |
User-Agent | Used by the browser to identify itself when sending the request. |
The following table lists the common HTTP response headers:
Header | Description |
---|---|
Connection | Used to specify whether the network connection should stay open. |
Proxy-Connection | Deprecated header. |
Keep-Alive | Used for keeping the connection open. |
Trailer | Specifies which HTTP headers will be present in the trailer part of chunked messages. |
Transfer-Encoding | Specifies the encoding for transferring the request body to the client. |
WWW-Authenticate | Defines the authentication method supported and required by the server. |
Proxy-Authenticate | Defines the authentication method supported and required by the proxy server. |
Set-Cookie | Used to send cookies from the server to the client. |
Set-Cookie2 | Obsolete header. |
Clear-Site-Data | Prompts the browser to clear browsing data (cookies, storage, cache) associated with the website. |
Strict-Transport-Security | Tells the browser that the website should only be accessed using HTTPS. |
TE | Specifies the transfer encodings that the server accepts. |
Content-Location | Specifies the alternate location for the returned resource. |
Content-MD5 | Provides an integrity check for the response body. |
Etag | Identifies a specific version of the resource. |
Content-Encoding | Indicates the encoding applied to the response body. |
Content-Range | Indicates which portion of a resource the server has returned. |
Content-Type | Used to indicate the media type of the returned response. |
Content-Length | Used to indicate the size of the returned response. |
X-Frame-Options | Indicates whether the browser is allowed to load the page inside the <iframe> and related elements. |
X-XSS-Protection | Stops the page from loading in the context of cross-site scripting (XSS) attacks. |
Cache-Control | Holds caching instructions. |
Location | Specifies the destination redirect URL. |
Pragma | Implementation-specific header. |
Age | Specifies how long the object has been cached for. |
Date | Indicates the moment in time at which the response was initiated. |
Last-Modified | Indicates the moment in time at which the resource was last modified. |
Expires | Indicates the moment in time after which the resource is to be considered stale. |