HTTP headers

The list of commonly used HTTP headers.

HTTP

HTTP headers are included with each HTTP request and response.

Request headers

The following table lists the common HTTP request headers:

Header	Description
`Accept`	Lists the content types that the client can understand.
`Accept-Charset`	Lists the character encodings the client understands.
`Accept-Encoding`	Lists the content encodings that the client understands.
`Accept-Language`	Lists the languages and locales that the client prefers.
`Authorization`	Contains authentication/authorization credentials.
`Cache-Control`	Holds caching instructions.
`Connection`	Used to specify whether the network connection should stay open.
`Content-Length`	Indicates the size of the request body.
`Content-Type`	Indicate the media type of the request body.
`Cookie`	Contains the client's cookies previously provided by the server with the `Set-Cookie` response header.
`Host`	Specifies the domain name of the website accessed.
`If-Match`	Used for making conditional requests.
`If-Modified-Since`	Used for making conditional requests.
`If-None-Match`	Used for making conditional requests.
`If-Range`	Used for making conditional range requests.
`If-Unmodified-Since`	Used for making conditional requests.
`Origin`	Used to specify which website the request originates from.
`Pragma`	Implementation-specific header.
`Proxy-Authorization`	Contains proxy server authentication/authorization credentials.
`Proxy-Connection`	Deprecated header.
`Range`	Indicates which portion of a resource the server should return.
`Referer`	For requests sent when the user follows a link from page A to page B, contains the address of page A.
`Transfer-Encoding`	Specifies the encoding for transferring the request body to the server.
`User-Agent`	Used by the browser to identify itself when sending the request.

Response headers

The following table lists the common HTTP response headers:

Header	Description
`Connection`	Used to specify whether the network connection should stay open.
`Proxy-Connection`	Deprecated header.
`Keep-Alive`	Used for keeping the connection open.
`Trailer`	Specifies which HTTP headers will be present in the trailer part of chunked messages.
`Transfer-Encoding`	Specifies the encoding for transferring the request body to the client.
`WWW-Authenticate`	Defines the authentication method supported and required by the server.
`Proxy-Authenticate`	Defines the authentication method supported and required by the proxy server.
`Set-Cookie`	Used to send cookies from the server to the client.
`Set-Cookie2`	Obsolete header.
`Clear-Site-Data`	Prompts the browser to clear browsing data (cookies, storage, cache) associated with the website.
`Strict-Transport-Security`	Tells the browser that the website should only be accessed using HTTPS.
`TE`	Specifies the transfer encodings that the server accepts.
`Content-Location`	Specifies the alternate location for the returned resource.
`Content-MD5`	Provides an integrity check for the response body.
`Etag`	Identifies a specific version of the resource.
`Content-Encoding`	Indicates the encoding applied to the response body.
`Content-Range`	Indicates which portion of a resource the server has returned.
`Content-Type`	Used to indicate the media type of the returned response.
`Content-Length`	Used to indicate the size of the returned response.
`X-Frame-Options`	Indicates whether the browser is allowed to load the page inside the `<iframe>` and related elements.
`X-XSS-Protection`	Stops the page from loading in the context of cross-site scripting (XSS) attacks.
`Cache-Control`	Holds caching instructions.
`Location`	Specifies the destination redirect URL.
`Pragma`	Implementation-specific header.
`Age`	Specifies how long the object has been cached for.
`Date`	Indicates the moment in time at which the response was initiated.
`Last-Modified`	Indicates the moment in time at which the resource was last modified.
`Expires`	Indicates the moment in time after which the resource is to be considered stale.