Common HTTP Headers

The list of common HTTP headers.

General Headers
  • Cache-Control – catching directives for both requests and responses.
  • Connection - controls the network connection after finishing current transaction.
  • Date – representing date/time in Greenwich Mean Time (GMT)
  • Pragma - include implementation specific directives along the request/response chain.
  • Transfer-Encoding – indicating the type of information suitable for safely transfer
  • Upgrade – used to specify additional communication protocols in case server switches protocol
  • Via - indicates the intermediate protocols and recipients and should be used by gateways and proxies
  • Warning – provides additional information about the status or transformation of a message
Request Headers
  • Accept - advertises understandable content types, expressed as MIME types.
  • Accept-* - advertises understandable language and preferable locale variant.
  • Accept-Encoding – limits the content encodings allowed in the response.
  • Accept-Language - restricts the set of preferable natural languages of the response.
  • Authorization - consists of credentials containing the authentication information.
  • Cookie - send to the server the cookies previously sent by the server with the Set-Cookie header.
  • Expect – indicates certain expectations of server behavior on the client side.
  • From - contains email address for the user holding control of the requesting agent.
  • Host - specifies the host and the port number of the resource that is requested.
  • If-Match –makes the method conditional depending on the given value in the tag matching the given entity tags represented by ETag
  • If-Modified-Since – makes the method conditional provided the modification state of the requested URL.
  • If-Non-Match – condition is that the given value in the tag matches entity provided by ETag.
  • If-Range – is used with the conditional GET to request portion or entire entity depending on whether the changes are made or not.
  • If-Unmodified-Since – makes the method conditional provided the modification status of the requested resource.
  • Max-Forwards - provides restriction mechanism with the TRACE and OPTIONS methods concerning the number of proxies or gateways forwarding the request to the next inbound server.
  • Origin - indicates a fetch origin and includes only the server name.
  • Proxy-Authorization - allows identification to a proxy that requires authentication.
  • Range – specifies the range or ranges of the content requested from the document.
  • Referer - contains the address of the previous web page from which the link to the page requested at the moment followed.
  • TE - indicates willingness to extent transfer-coding in the response and accept trailer fields in a chunked transfer-coding.
  • User-Agent - information about client making the request; vendor, version of the requesting user agent.
Response Headers
  • Accept –Patch - specifies patch document formats the server supports
  • Accept-Range - allows the server to indicate range requests acceptance.
  • Access-Control-Allow-Origin – indicates the possibility of sharing the response with requesting code from the given origin.
  • Age - how long in seconds the object is in the proxy cache.
  • Alt-Svc – means Alternative Services, indicates different network location or protocol of resources.
  • Cache-Control –controls checking the ETag value before using a cached version of a resource.
  • Connection - controls options for the current connection and list of hop-by-hop response fields.
  • Content-Disposition – gives an opportunity for file download.
  • Delta-Base - specifies the delta-encoding entity tag of the response
  • ETag - provides the current value of the entity tag for the requested variant.
  • IM – Istant Manipulation applied to the response.
  • Link - expresses relationship with another resource, type is defined by RFC 5988
  • Location - the destination URL for 3xx redirects.
  • Proxy-Authenticate – a field to be included as a part of the 407 Proxy Authentication Required response code
  • Public-Key-Pins - announces hash of authentic TLS certificate of the website.
  • Retry-After – indicates expectation concerning the time when service is unavailable and can be used with a 503 (Service Unavailable) response.
  • Server - information about the server (name, version).
  • Set-Cookie - contains information to retain for the URL.
  • Strict-Transport-Security - informs on the duration of the HTTPS only policy cache and about its application to subdomains.
  • Trailer - indicates the presence of the given set of header fields in the trailer of the encoded message.
  • Transfer-Encoding - safely transfer of the entity to the user.
  • Tk - Tracking Status header
  • Upgrade – asks for an upgrade to another protocol.
  • Vary - specifies variety of the sources of the entity.
  • WWW-Authenticate - indicates applicable authentication schemes and parameters.
Entity Headers
  • Allow - lists the set of methods supported by the resource identified by the Request-URI.
  • Content-Encoding – used to compress the media-type.
  • Content-Language - the content language.
  • Content-Length - the size of the entity-body sent to the client, in bytes.
  • Content-Location – provides the entity with the resource location if it is obtained from the location which is different from that of requested resource.
  • Content-MD5 - supplies an MD5 digest of the entity for checking the integrity of the message.
  • Content-Range – specifies the place for the partial body to be applied in the full body.
  • Content-Type – used to show the media type of the resource.
  • Expires – sets expiration time.
  • Last-Modified – indicates time of last modification according to the origin server.
Updated: Viewed: 2734 times