Toolzy

HTTP Header Reference

Searchable reference of common HTTP request and response headers.

Accept

Tells the server which content types the client can handle.

Accept-Encoding

Lists compression algorithms the client accepts.

Accept-Language

Indicates the client's preferred languages.

Authorization

Carries credentials to authenticate the request.

Cache-Control

Directives that control caching behavior.

Connection

Controls whether the connection stays open.

Content-Encoding

Compression applied to the response body.

Content-Length

Size of the body in bytes.

Content-Security-Policy

Content Security Policy restricting resource loading.

Content-Type

The media type of the body, e.g. application/json.

Cookie

Sends stored cookies back to the server.

Cross-Origin-Resource-Policy

Controls which origins may embed the resource.

Date

The date and time the message was generated.

ETag

Version identifier for cache validation.

Expires

When the response is considered stale.

Host

The target domain and port of the request.

If-Modified-Since

Conditional request based on modification time.

If-None-Match

Conditional request based on ETag value.

Last-Modified

When the resource was last changed.

Location

Redirect target or newly created resource URL.

Origin

The origin that initiated the request (CORS).

Referer

The page URL that linked to the request.

Referrer-Policy

Controls how much referrer info is sent.

Retry-After

How long to wait before retrying the request.

Server

Identifies the server software.

Set-Cookie

Instructs the client to store a cookie.

Strict-Transport-Security

Forces HTTPS for future requests (Strict Transport Security).

User-Agent

Identifies the client browser and platform.

Vary

Lists headers that affect the cached response.

WWW-Authenticate

Defines the authentication scheme for a 401.

X-Forwarded-For

Original client IP behind a proxy.

X-Frame-Options

Controls whether the page may be framed (clickjacking).

Search HTTP headers to quickly recall what each one controls.

How to use

  1. Type a header name or keyword.
  2. Scan the filtered list.
  3. Read what each header does.

Frequently asked questions

What is the difference between request and response headers?
Request headers are sent by the client, response headers by the server; some like Content-Type appear in both directions.
Are header names case-sensitive?
No, HTTP header names are case-insensitive, though canonical capitalization is conventionally used.

Related tools