HTTP Header Reference
Searchable reference of common HTTP request and response headers.
Accept
Tells the server which content types the client can handle.
Accept-Encoding
Lists compression algorithms the client accepts.
Accept-Language
Indicates the client's preferred languages.
Authorization
Carries credentials to authenticate the request.
Cache-Control
Directives that control caching behavior.
Connection
Controls whether the connection stays open.
Content-Encoding
Compression applied to the response body.
Content-Length
Size of the body in bytes.
Content-Security-Policy
Content Security Policy restricting resource loading.
Content-Type
The media type of the body, e.g. application/json.
Cookie
Sends stored cookies back to the server.
Cross-Origin-Resource-Policy
Controls which origins may embed the resource.
Date
The date and time the message was generated.
ETag
Version identifier for cache validation.
Expires
When the response is considered stale.
Host
The target domain and port of the request.
If-Modified-Since
Conditional request based on modification time.
If-None-Match
Conditional request based on ETag value.
Last-Modified
When the resource was last changed.
Location
Redirect target or newly created resource URL.
Origin
The origin that initiated the request (CORS).
Referer
The page URL that linked to the request.
Referrer-Policy
Controls how much referrer info is sent.
Retry-After
How long to wait before retrying the request.
Server
Identifies the server software.
Set-Cookie
Instructs the client to store a cookie.
Strict-Transport-Security
Forces HTTPS for future requests (Strict Transport Security).
User-Agent
Identifies the client browser and platform.
Vary
Lists headers that affect the cached response.
WWW-Authenticate
Defines the authentication scheme for a 401.
X-Forwarded-For
Original client IP behind a proxy.
X-Frame-Options
Controls whether the page may be framed (clickjacking).
Search HTTP headers to quickly recall what each one controls.
How to use
- Type a header name or keyword.
- Scan the filtered list.
- Read what each header does.
Frequently asked questions
- What is the difference between request and response headers?
- Request headers are sent by the client, response headers by the server; some like Content-Type appear in both directions.
- Are header names case-sensitive?
- No, HTTP header names are case-insensitive, though canonical capitalization is conventionally used.