Requestly
HTTP InterceptorPricingRequestly vs PostmanBlogDocsDownload

Home / HTTP Headers

HTTP Headers reference

Syntax, directives and examples for every HTTP header, and how to set each one with Requestly.

CORS

Access Control Allow Credentials

The HTTP Access-Control-Allow-Credentials response header indicates to browsers whether the server permits credentials to be included in cross-origin HTTP.

Access Control Allow Headers

The HTTP Access-Control-Allow-Headers response header is used in response to a preflight request to specify the HTTP headers permitted during the actual.

Access Control Allow Methods

The HTTP Access-Control-Allow-Methods response header defines the set of HTTP request methods that are permitted when accessing a resource.

Access Control Allow Origin

The HTTP Access-Control-Allow-Origin response header specifies whether a server's response can be shared with requesting code from a particular origin.

Access Control Expose Headers

The HTTP Access-Control-Expose-Headers response header enables a server to specify which response headers should be accessible to scripts executing in the.

Access Control Max Age

The HTTP Access-Control-Max-Age response header specifies the duration for which the results of a preflight request can be cached.

Access Control Request Headers

The HTTP Access-Control-Request-Headers request header is utilized by browsers when sending a preflight request to inform the server about the HTTP.

Access Control Request Method

The HTTP Access-Control-Request-Method request header is utilized by browsers during a preflight request to inform the server about the HTTP method that.

Origin

The HTTP Origin request header signifies the origin ( scheme , hostname, and port) that triggered the request.

Timing Allow Origin

The HTTP Timing-Allow-Origin response header specifies which origins are permitted to access attribute values retrieved using features of the Resource.

Security

Content Security Policy

The HTTP Content-Security-Policy response header enables website administrators to specify which resources the user agent can load for a particular page.

Content Security Policy Report Only

The HTTP Content-Security-Policy-Report-Only response header helps monitor Content Security Policy (CSP) violations and their effects without enforcing.

Cross Origin Embedder Policy

The HTTP Cross-Origin-Embedder-Policy response header configures the current document's policy for loading and embedding cross-origin resources.

Cross Origin Opener Policy

The HTTP Cross-Origin-Opener-Policy (COOP) response header enables a website to specify whether a new top-level document, opened using Window.open() or by.

Cross Origin Resource Policy

The HTTP Cross-Origin-Resource-Policy response header (CORP) informs the browser that it should block no-cors cross-origin or cross-site requests to the.

Expect CT

The Expect-CT response header allows websites to opt in to reporting or enforcing Certificate Transparency .

Permissions Policy

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Strict Transport Security

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS ) indicates to browsers that a website should only be accessed via HTTPS.

Upgrade Insecure Requests

The HTTP Upgrade-Insecure-Requests request header signals to the server that the client prefers an encrypted and authenticated response.

X Content Type Options

The HTTP X-Content-Type-Options response header signals that the MIME types specified in the Content-Type headers should be strictly followed and not.

X Frame Options

For more comprehensive options than offered by this header, see the frame-ancestors directive in a Content-Security-Policy header.

X Permitted Cross Domain Policies

The HTTP X-Permitted-Cross-Domain-Policies response header defines a policy that controls whether resources on a website can be accessed cross-origin by.

X Powered By

The HTTP X-Powered-By response header is a non-standard header used to identify the application or framework responsible for generating the response.

X XSS Protection

Non-standard: This feature is considered non-standard and is not part of any formal standards track.

Other General Headers

User Agent Client Hints

Sec CH Prefers Color Scheme

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH Prefers Reduced Motion

Experimental: This is an experimental technology Review the Browser compatibility table carefully before deploying this in production environments.

Sec CH Prefers Reduced Transparency

Experimental: This is an experimental technology It is recommended to carefully review the Browser compatibility table before deploying this feature in a.

Sec CH UA

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA Arch

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA Bitness

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA Form Factors

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .

Sec CH UA Full Version

This feature is no longer recommended. Although some browsers may still support it, it might have been removed from current web standards, is in the.

Sec CH UA Full Version List

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA Mobile

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA Model

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA Platform

Experimental: This is an experimental technology Review the browser compatibility table carefully before deploying this in production environments.

Sec CH UA Platform Version

Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.

Sec CH UA WoW64

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .