Home / HTTP Headers
HTTP Headers reference
Syntax, directives and examples for every HTTP header, and how to set each one with Requestly.
Authentication
Authorization
The HTTP Authorization request header is used to send credentials that authenticate a user agent with a server, granting access to protected resources.
Proxy Authenticate
The HTTP Proxy-Authenticate response header specifies the authentication method or challenge that must be used to access a resource behind a proxy server.
Proxy Authorization
The HTTP Proxy-Authorization request header carries the credentials needed for a client to authenticate with a proxy server.
WWW Authenticate
The HTTP WWW-Authenticate response header is used to advertise the authentication methods, or challenges, that a server supports for accessing a.
Caching
Age
The HTTP Age response header indicates the duration in seconds that an object has been stored in a proxy cache.
Cache Control
The HTTP Cache-Control header contains directives —specific instructions that guide how browsers and shared caches like proxies and Content Delivery.
Clear Site Data
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .
Expires
The HTTP Expires response header specifies the date and time after which the response is considered expired within the context of HTTP caching .
No-Vary-Search header
The HTTP No-Vary-Search response header defines how query parameters in a URL should be treated when the browser decides whether to use a cached response.
Conditionals
ETag
The HTTP ETag (entity tag) response header is an identifier for a specific version of a resource.
If Match
The HTTP If-Match request header allows a request to be made conditionally.
If Modified Since
The HTTP If-Modified-Since request header makes a request conditional .
If None Match
The HTTP If-None-Match request header enables conditional requests.
If Unmodified Since
The HTTP If-Unmodified-Since request header makes the request for the resource conditional .
Last Modified
The HTTP Last-Modified response header indicates the date and time when the origin server believes the resource was last altered.
Vary
The HTTP Vary response header specifies which parts of the request message, aside from the method and URL, influence the content of the response in which.
Connection Management
Content Negotiation
Accept
The HTTP Accept request and response headers specify which content types, expressed as MIME types , the sender can interpret.
Accept Encoding
The HTTP Accept-Encoding request and response headers specify the content encoding, typically a compression algorithm, that the sender can interpret.
Accept Language
The HTTP Accept-Language request header specifies the natural language and locale preferred by the client.
Accept Patch
The HTTP Accept-Patch response header informs clients about which media types the server can understand in a PATCH request.
Accept Post
The HTTP Accept-Post response header advertises which media types are accepted by the server in a POST request.
Controls
Cookies
Cookie
The HTTP Cookie request header contains stored HTTP cookies associated with the server, which were previously sent by the server using the Set-Cookie.
Set Cookie
The HTTP Set-Cookie response header is used to send a cookie from the server to the user agent, enabling the user agent to send it back to the server in.
CORS
Access Control Allow Credentials
The HTTP Access-Control-Allow-Credentials response header indicates to browsers whether the server permits credentials to be included in cross-origin HTTP.
Access Control Allow Headers
The HTTP Access-Control-Allow-Headers response header is used in response to a preflight request to specify the HTTP headers permitted during the actual.
Access Control Allow Methods
The HTTP Access-Control-Allow-Methods response header defines the set of HTTP request methods that are permitted when accessing a resource.
Access Control Allow Origin
The HTTP Access-Control-Allow-Origin response header specifies whether a server's response can be shared with requesting code from a particular origin.
Access Control Expose Headers
The HTTP Access-Control-Expose-Headers response header enables a server to specify which response headers should be accessible to scripts executing in the.
Access Control Max Age
The HTTP Access-Control-Max-Age response header specifies the duration for which the results of a preflight request can be cached.
Access Control Request Headers
The HTTP Access-Control-Request-Headers request header is utilized by browsers when sending a preflight request to inform the server about the HTTP.
Access Control Request Method
The HTTP Access-Control-Request-Method request header is utilized by browsers during a preflight request to inform the server about the HTTP method that.
Origin
The HTTP Origin request header signifies the origin ( scheme , hostname, and port) that triggered the request.
Timing Allow Origin
The HTTP Timing-Allow-Origin response header specifies which origins are permitted to access attribute values retrieved using features of the Resource.
Integrity Digests
Content Digest
The HTTP Content-Digest header in both request and response messages provides a cryptographic hash value generated from the message content.
Repr Digest
The HTTP Repr-Digest request and response header provide a digest of the specific representation of the target resource.
Want Content Digest
The HTTP Want-Content-Digest request and response headers indicate a preference for the recipient to send a Content-Digest integrity header in messages.
Want Repr Digest
The HTTP Want-Repr-Digest request and response headers indicate a preference for the recipient to send a Repr-Digest integrity header in messages.
Message Body Information
Content Encoding
The HTTP Content-Encoding representation header lists the encodings and the order in which they have been applied to a resource.
Content Language
The HTTP Content-Language representation header is used to specify the language(s) that the content is intended for, allowing users to identify and select.
Content Length
The HTTP Content-Length header specifies the size, in bytes, of the message body being transmitted to the recipient.
Content Location
The HTTP Content-Location representation header indicates an alternate location for the returned data.
Content Type
The HTTP Content-Type representation header is used to specify the original media type of a resource before any content encoding is applied.
Preferences
Prefer header
The HTTP Prefer header allows clients to indicate preferences for specific server behaviors during request processing.
Preference-Applied header
The Preference-Applied response header serves as a notification from the server to the client, confirming which specific directives from the initial.
Proxies
Range Requests
Accept Ranges
The HTTP Accept-Ranges response header is used by the server to indicate its support for range requests .
Content Range
The HTTP Content-Range response header is used in range requests to specify the position of the response body content within a complete resource.
If Range
The HTTP If-Range request header allows for conditional range requests.
Range
The HTTP Range request header specifies which part of a resource the server should return.
Redirects
Request Context
From
The HTTP From request header includes an email address associated with an administrator responsible for the automated user agent.
Host
The HTTP Host request header specifies the host and port number of the server to which the request is being sent.
Referer
The HTTP Referer request header contains the absolute or partial address from which a resource has been requested.
Referrer Policy
The HTTP Referrer-Policy response header controls the amount of referrer information (sent with the Referer header) that should be included with requests.
User Agent
The HTTP User-Agent request header is a string that identifies the application, operating system, vendor, and version of the requesting user agent.
Response Context
Security
Content Security Policy
The HTTP Content-Security-Policy response header enables website administrators to specify which resources the user agent can load for a particular page.
Content Security Policy Report Only
The HTTP Content-Security-Policy-Report-Only response header helps monitor Content Security Policy (CSP) violations and their effects without enforcing.
Cross Origin Embedder Policy
The HTTP Cross-Origin-Embedder-Policy response header configures the current document's policy for loading and embedding cross-origin resources.
Cross Origin Opener Policy
The HTTP Cross-Origin-Opener-Policy (COOP) response header enables a website to specify whether a new top-level document, opened using Window.open() or by.
Cross Origin Resource Policy
The HTTP Cross-Origin-Resource-Policy response header (CORP) informs the browser that it should block no-cors cross-origin or cross-site requests to the.
Expect CT
The Expect-CT response header allows websites to opt in to reporting or enforcing Certificate Transparency .
Permissions Policy
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Strict Transport Security
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS ) indicates to browsers that a website should only be accessed via HTTPS.
Upgrade Insecure Requests
The HTTP Upgrade-Insecure-Requests request header signals to the server that the client prefers an encrypted and authenticated response.
X Content Type Options
The HTTP X-Content-Type-Options response header signals that the MIME types specified in the Content-Type headers should be strictly followed and not.
X Frame Options
For more comprehensive options than offered by this header, see the frame-ancestors directive in a Content-Security-Policy header.
X Permitted Cross Domain Policies
The HTTP X-Permitted-Cross-Domain-Policies response header defines a policy that controls whether resources on a website can be accessed cross-origin by.
X Powered By
The HTTP X-Powered-By response header is a non-standard header used to identify the application or framework responsible for generating the response.
X XSS Protection
Non-standard: This feature is considered non-standard and is not part of any formal standards track.
Fetch Metadata Request Headers
Sec Fetch Dest
The HTTP Sec-Fetch-Dest fetch metadata request header indicates the request's destination .
Sec Fetch Mode
The HTTP Sec-Fetch-Mode fetch metadata request header indicates the mode of the request.
Sec Fetch Site
The HTTP Sec-Fetch-Site fetch metadata request header indicates the relationship between a request initiator's origin and the origin of the requested.
Sec Fetch User
The HTTP Sec-Fetch-User fetch metadata request header is sent for requests initiated by user activation, and its value is always ?1 .
Sec Purpose
The HTTP Sec-Purpose fetch metadata request header indicates the purpose for which the requested resource will be used, when that purpose is different.
Service Worker Navigation Preload
The HTTP Service-Worker-Navigation-Preload request header indicates that the request was initiated by a fetch operation during service worker navigation.
Server-Sent Events
Transfer Coding
TE
The HTTP TE request header specifies which transfer encodings the user agent is willing to accept.
Trailer
The HTTP Trailer request and response header allow the sender to include additional fields at the end of chunked messages to provide metadata that might.
Transfer Encoding
The HTTP Transfer-Encoding request and response header specifies the form of encoding used to transfer messages between nodes on the network.
WebSockets
Sec WebSocket Accept
The HTTP Sec-WebSocket-Accept response header is used in the WebSocket opening handshake to indicate that the server is willing to upgrade to a WebSocket.
Sec WebSocket Extensions
The HTTP Sec-WebSocket-Extensions request and response header are used during the WebSocket opening handshake to negotiate protocol extensions supported.
Sec WebSocket Key
The HTTP Sec-WebSocket-Key request header is used during the WebSocket opening handshake to enable a client (user agent) to verify that it genuinely.
Sec WebSocket Protocol
The HTTP Sec-WebSocket-Protocol request and response headers are used during the WebSocket opening handshake to negotiate a sub-protocol to be used for.
Sec WebSocket Version
The HTTP Sec-WebSocket-Version request and response header are used during the WebSocket opening handshake to indicate the WebSocket protocol supported by.
Other General Headers
Alt Svc
The HTTP Alt-Svc response header allows a server to specify an alternate network location, known as the "alternative service," which can be considered.
Alt-Used header
The HTTP Alt-Used request header identifies the alternative service currently in use, much like the Host HTTP header field specifies the host and port of.
Date
The HTTP Date request and response header include the timestamp indicating when the message was created or sent.
Link
The HTTP Link header offers a way to serialize one or more link relations within HTTP headers.
Priority header
The HTTP Priority header signals a client's preferred order for sending a requested resource's response, relative to other requests on the same.
Retry After
The HTTP Retry-After response header specifies the amount of time a user agent should wait before making a subsequent request.
Server Timing
The HTTP Server-Timing response header conveys key performance metrics related to the request-response cycle.
Service Worker
Service-Worker request header is included in fetches for a service worker's script resource.
Service Worker Allowed
The HTTP Service-Worker-Allowed response header is utilized to extend the default path restriction for a service worker's scope.
SourceMap
The HTTP SourceMap response header indicates the location of a source map associated with a web resource.
Upgrade
The HTTP Upgrade request and response header are used to transition an already-established client/server connection to a different protocol over the same.
Attribution Reporting Headers
Attribution-Reporting-Eligible header
This feature is no longer recommended. While some browsers might still support it, it may have already been removed from relevant web standards, could be.
Attribution-Reporting-Register-Source header
This feature is no longer recommended. While some browsers might still support it, it could have been removed from web standards, be in the process of.
Attribution-Reporting-Register-Trigger header
This feature is no longer recommended. While some browsers might still support it, it may have already been removed from the relevant web standards, could.
Client Hints
Accept CH
The HTTP Accept-CH response header may be set by a server to specify which client hint headers should be included by the client in subsequent requests.
Critical CH
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
User Agent Client Hints
Sec CH Prefers Color Scheme
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH Prefers Reduced Motion
Experimental: This is an experimental technology Review the Browser compatibility table carefully before deploying this in production environments.
Sec CH Prefers Reduced Transparency
Experimental: This is an experimental technology It is recommended to carefully review the Browser compatibility table before deploying this feature in a.
Sec CH UA
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA Arch
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA Bitness
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA Form Factors
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .
Sec CH UA Full Version
This feature is no longer recommended. Although some browsers may still support it, it might have been removed from current web standards, is in the.
Sec CH UA Full Version List
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA Mobile
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA Model
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA Platform
Experimental: This is an experimental technology Review the browser compatibility table carefully before deploying this in production environments.
Sec CH UA Platform Version
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Sec CH UA WoW64
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .
Device Client Hints
Content-DPR header
This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may.
Device Memory
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .
DPR
The HTTP DPR request header provides device client hints about the client device's pixel ratio (DPR).
Viewport Width
This feature is no longer recommended. While some browsers may still support it, it might have already been removed from current web standards, be in the.
Width
This feature is no longer recommended for use. Although some browsers may still support it, it could have been removed from the official web standards.
Network Client Hints
Downlink
The HTTP Downlink request header is used within Client Hints to communicate an estimated bandwidth of the client's connection to the server, measured in.
ECT
The HTTP ECT request header is used in Client Hints to indicate the effective connection type : slow-2g , 2g , 3g , or 4g .
RTT
The HTTP RTT request header is a network client hint that provides an estimate of the round-trip time on the application layer, measured in milliseconds.
Save Data
Experimental: This is an experimental technology Carefully review the Browser compatibility table before deploying this in production environments.
Compression Dictionary Transport
Available-Dictionary header
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Dictionary-ID header
The HTTP Dictionary-ID request header points to a dictionary used by Compression Dictionary Transport for compressing server responses.
Use As Dictionary
Experimental: This is an experimental technology Carefully review the Browser compatibility table before implementing this in a production environment.
Privacy
DNT
The HTTP <code>DNT</code> (Do Not Track) request header indicates the user's tracking preferences.
Sec GPC
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Tk
This feature is no longer recommended. Although some browsers might still support it, it may have already been removed from current web standards, is in.
Security (Experimental)
Server-Sent Events (Experimental)
Other Experimental Headers
Early Data
The HTTP Early-Data request header is set by an intermediary to indicate that the request has been conveyed in TLS early data , and also indicates that.
Sec Speculation Tags
Experimental: This is an experimental technology Check the Browser compatibility table carefully before using this in production.
Set Login
The HTTP Set-Login response header is sent by a federated identity provider (IdP) to establish its login status, indicating whether a user is currently.
Speculation Rules
The HTTP Speculation-Rules response header provides one or more URLs pointing to text resources containing speculation rule JSON definitions.
Supports Loading Mode
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers .
Non-Standard Headers
X DNS Prefetch Control
Non-standard: This feature is non-standard and is not on a standards track.
X Forwarded For
The HTTP X-Forwarded-For (XFF) request header is a widely adopted standard for identifying the original IP address of a client connecting to a web server.
X Forwarded Host
The HTTP X-Forwarded-Host request header is an informal standard used to identify the original host requested by the client in the Host HTTP request.
X Forwarded Proto
The HTTP X-Forwarded-Proto request header is a widely adopted standard used to identify the protocol (HTTP or HTTPS) that a client employed to connect to.
X Robots Tag
The X-Robots-Tag response header specifies how crawlers should index URLs.
Other Headers
HTTP Headers
A complete reference for HTTP request and response headers: syntax, directives, examples, and how to set each one with Requestly.
Observe Browsing Topics header
The HTTP Observe-Browsing-Topics response header is used to mark topics of interest, which are determined from the URL of a calling site (specifically.
Pragma
This feature is no longer recommended. Although some browsers may still support it, it might have been removed from current web standards, is in the.
Reporting Endpoints
The HTTP Reporting-Endpoints response header allows website administrators to specify one or more endpoints to which reports generated by the Reporting.
Sec Browsing Topics
The HTTP Sec-Browsing-Topics request header transmits the selected topics for the current user along with the associated request.
Warning
This feature is no longer recommended. Although some browsers may still support it, it might have already been removed from current web standards, is in.