HTTP Headers

The following HTTP headers are parsed and understood by

  • accept-ch

    Specify what client hints should be included in subsequent requests.

  • accept-ranges

    What partial content range types this server supports via byte serving.

  • access-control-allow-credentials

    Allow credentials to be sent in CORS requests.

  • access-control-allow-origin

    Indicate whether the response can be shared with the given origin.

  • age

    The age the object has been in a proxy cache in seconds.

  • alt-svc

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

  • c3p

    Platform for Privacy Preferences Project, now obsolete.

  • cache-control

    Inform all caching mechanisms from server to client whether they may cache this object.

  • cf-cache-status

    Encoded information about your request from Cloudflare.

  • cf-ray

    Encoded information about your request from Cloudflare.

  • cf-request-id

    Cloudflare request ID

  • connection

    Control options for the current connection and list of hop-by-hop response fields.

  • content-disposition

    Determine whether the response should be displayed inline or downloaded.

  • content-encoding

    Encodings used in the message, and the order they appear.

  • content-language

    The natural language or languages of the intended audience for the enclosed content.

  • content-length

    The length of the response body in octets (8-bit bytes).

  • content-security-policy

    The content security policy allows the server to determine what resources the user is allowed to load.

  • content-security-policy-report-only

    The content security policy, reporting only.

  • content-type

    The MIME type of this content.

  • cross-origin-opener-policy

    Isolated the document from cross-origin windows.

  • cross-origin-resource-policy

    The cross-origin policy.

  • date

    The date and time that the message was sent.

  • dnt

    Do not track.

  • etag

    An identifier for a specific version of a resource.

  • expect-ct

    Used by a server to indicate that UAs should evaluate connections to the host emitting the header field for CT compliance.

  • expires

    The time at which the response is considered stale.

  • feature-policy

    Enable and disable browser features.

  • host

    Host name of requested site.

  • last-modified

    The last modified date for the requested object.

  • link

    Used to express a typed relationship with another resource.

  • location

    New location of requested resource.

  • mime-version

    MIME version.

  • nel

    Configure network request logging.

  • p3p

    P3P policy.

  • permissions-policy

    Enable and disable browser features.

  • pragma

    HTTP/1.0 backwards compatible cache handling.

  • range

    Send or receive a partial part of the resource.

  • referrer-policy

    Controls what referrer information is sent with requests.

  • report-to

    Report to.

  • server

    A name for the server.

  • server-timing

    Server metrics for the request.

  • set-cookie

    A cookie sent from the server to be set on the client

  • strict-transport-security

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

  • vary

    Indicates that different content may be provided to different clients, depending on the vary header.

  • via

    Added by proxies to track a request through proxies and to avoid loops.

  • www-authenticate

    Authentication method used to access the resource.

  • x-cache

    Indicates whether a cache was used to server this response.

  • x-cloud-trace-context

    Used by the Google Cloud platform to identify requests.

  • x-content-type-option

    Use x-content-type-options.

  • x-content-type-options

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

  • x-frame-options

    Clickjacking protection.

  • x-magento-tags

    Tags for Magento.

  • x-permitted-cross-domain-policies

    Specifies if a cross-domain policy is allowed.

  • x-pingback

    Where to send WordPress pings.

  • x-powered-by

    The software powering this site.

  • x-redirect-by

    WordPress redirect agent. A value of "WordPress" indicates that WordPress itself redirected the resource.

  • x-redirection

    URL is being redirected with the WordPress plugin Redirection.

  • x-robots-tag

    Specify how the resource is shown in search results.

  • x-ua-compatible

    Recommends the preferred rendering engine (often a backward-compatibility mode) to use to display the content.

  • x-vercel-cache

    Details about the Vercel cache

  • x-xss-protection

    Cross-site scripting (XSS) filter.