Accept | Indicates which content types (expressed as MIME types) the client understands. Accept belongs to the set of CORS-safelisted request headers. |
Accept-Charset | Specifies the client's character encoding. This header should not be and is not widely used anymore. Compare with Content-Type |
Accept-Encoding | Specifies the encodings the client understands. Typically, the encoding is a compression algorithm. A list of official content encodings is maintained by IANA (other encodings also seen include bzip and bzip2). The encoding that is chosen by the server is sent with the Content-Encoding header. The server might send the status code 406 (not acceptable) if it cannot serve the document in the requested encoding. |
Accept-Language | Specifies a list of (natural) languages and locales, for example de-CH , en-US or en-US, en , de, en-gb;q=0.8, en;q=0.7 etc. The chosen language/locale is reported back to the client using the Content-Language header. Accept-Language belongs to the set of CORS-safelisted request headers. Can be changed in Firefox under about:config -> intl.accept_languages . See also the PowerShell cmdLet noun winAcceptLanguageFromLanguageListOptOut and the value AcceptLanguage under the registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International . If unable to serve the requested resource in one of the listed languages, the server might send the status code 406 (not acceptable). |
Accept-Ranges | |
Age | |
Allow | |
Authorization | Sent by the client after receiving a response with status 401 (which includes the WWW-Authenticate header). |
Cache-Control | For example: max-age=0 . |
Clear-Site-Data | |
Connection | The value of Connection can be set to keep-alive to specify that the connection between the client and the server should not be terminated when the transaction finishes (compare with the Keep-Alive header). Setting it to close terminates the connection. This header is not allowed in HTTP/2 and HTTP/3 (although Chrome and Firefox treat it gracefully in such a case). See also the Upgrade header for Connection: upgrade . Connection belongs to the set of «hop-by-hop headers». |
Cookie | Cookie sends the stored HTTP cookies associated with the server (which were sent by the server using a previous Set-Cookie response header or specified in JavaScript with document.cookie ). |
Date | |
Expect | |
Expires | |
Forwarded | |
Host | |
Keep-Alive | Keep-Alive is used in conjunction with Connection: keep-alive to set the timeout and max values (for example Keep-Alive: timeout=5, max=1000 ). This header is not allowed in HTTP/2 and HTTP/3. Keep-Alive belongs to the set of «hop-by-hop headers». |
If-Match | Used together with ETag to detect mid-air edit collisions: When updating a resource, the client sends the ETag value it received from the server in the If-Match header. If the resource has changed in the meantime, the server responds with a 412 status («precondition failed»). |
If-Modified-Since | |
If-None-Match | |
If-Range | |
If-Unmodified-Since | |
Last-Modified | |
Location | |
Origin | A version of Referer without revealing a path. |
Pragma | |
Proxy-Authenticate | Proxy-Authenticate <type> realm=<realm> . <type> is an authentication scheme. <realm> describes the protected «area». See also the WWW-Authenticate header and HTTP status 401, 403 and 407. Proxy-Authenticate belongs to the set of «hop-by-hop headers». |
Proxy-Authorization | Proxy-Authorization is typically sent when a server requests the credentials to authorize a user (status code 407). The syntax is Proxy-Authorization <type> <credentials> . <type> is an authentication scheme. <credentials> is the Base64 encoded form of username:secret . Proxy-Authorization belongs to the set of «hop-by-hop headers». |
Range | |
Referer | Note typo! Compare with the Origin header. |
Referrer-Policy | |
Server | |
TE | Specifies the transfer encodings a user agent is willing to accept (it would probably be more intuitive to call this header Accept-Transfer-Encoding ). See also the Transfer-Encoding response header. TE belongs to the set of «hop-by-hop headers». |
Trailers | Trailers belongs to the set of «hop-by-hop headers». |
Upgrade | Used to change the protocol used in an already established connection (for example HTTP/1.1 -> HTTP/2 or HTTP -> HTTPS). Using Upgrade also requires Connection: upgrade to be sent with the request. This header can only be used in HTTP/1.1. Upgrade belongs to the set of «hop-by-hop headers». |
Upgrade-Insecure-Requests | |
User-Agent | Identifies the user agent. |
Warning | |
Accept-CH | Announces which client hints the webserver understands. Alternatively, this list can also be sent with <meta http-equiv="Accept-CH" content="…" /> . |
Accept-Ranges | For example bytes |
Access-Control-Allow-Origin | For example * |
Access-Control-Request-Header | This header can be used to respond to a preflight request to add more allowed headers (comma separated, or simply * ) to the four CORS-safelisted request headers. A server must answer with this header if the request had an Access-Control-Request-Headers header. |
Connection | For example: Keep-Alive |
Cross-Origin-Opener-Policy | |
Cross-Origin-Embedder-Policy | |
Date | Sat, 22 Oct 2022 07:59:01 GMT |
ETag | ETag: "33B282594…" , Etag: W/"1234" . The value of the ETag response header line identifies the returned resource's version. This value is used by the user agent for caching the resources. Related are the If-Match , If-None-Match and the 304 and 412 status codes. |
Keep-Alive | |
Last-Modified | For example Sat, 19 May 2018 08:51:05 GMT |
Location | The URL to which a moved/redirected URL has moved (see HTTP status 301). |
Retry-After | The Retry-After can or should be sent along with HTTP status 503 (Service Unavailable), 429 (Too Many Requests) and 301 (Moved Permanently) and indicates how long the user agent should wait before making a follow-up request. |
Server | For example Apache or nginx
Set-Cookie | See also the Cookie request header. |
Transfer-Encoding | See also the TE request header. |
Vary | For example Accept-Encoding |
WWW-Authenticate | WWW-Authenticate: <auth-scheme> … : Used for authentication. Must be included in a response with status 401. After receiving a WWW-Authenticate header, a client will typically prompt the user for credentials and then re-request the resource with an additional Authorization header. |
X-Content-Type-Options | Sent to prevent MIME type sniffing by the browser (i.e. the browser must consider the MIME type (Content-Type) to be correct and follow it). |
(invoke-webRequest 'https://renenyffenegger.ch').headers
-i
and dump them to the specified file with -D.
Content-Encoding | Specifies if and how the content body was compressed. See also the Accept-Encoding request header. |
Content-Encoding | For example: text/html; charset=utf-8 or simply text/html |
Content-Length | The size of the (potentially compressed) body, in bytes. |
Content-Language | See also the Accept-Language request header. Content-Language belongs to the set of CORS-safelisted request headers. |
Content-Location | |
Content-Range | |
Content-Type | Content-Type transmits (among others?) a MIME type. Often, Content-Type has a value like text/html; charset=utf-8 or multipart/form-data; boundary=MYCAREFULLYCHOSENBOUNDARY or text/plain . Content-Type belongs to the set of CORS-safelisted request headers. Compare with Accept-Charset |
Via | Added by proxies (both forward and reverse). |
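
The rows marked «hop-by-hop headers» above and the Via row describe what an intermediary does with a message. The following Python code is an added example, not part of the original page: it shows a forwarding proxy removing the hop-by-hop headers before passing a request upstream and appending its own Via entry. The function names, the proxy pseudonym, the X-Per-Hop header and the sample request are assumptions; including Transfer-Encoding and dropping headers named in Connection follow the HTTP RFCs rather than the page.

```python
import base64

# Headers the page marks as hop-by-hop, plus Transfer-Encoding
# (assumption: taken from RFC 2616 section 13.5.1, not from the page).
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "upgrade", "transfer-encoding",
}

def strip_hop_by_hop(headers):
    """Split (name, value) pairs into (forwarded, dropped) lists."""
    # Connection may nominate further per-connection headers by name
    # (RFC 9110 section 7.6.1); those are dropped as well.
    nominated = set()
    for name, value in headers:
        if name.lower() == "connection":
            nominated.update(t.strip().lower() for t in value.split(",") if t.strip())
    blocked = HOP_BY_HOP | nominated
    forwarded, dropped = [], []
    for name, value in headers:
        (dropped if name.lower() in blocked else forwarded).append((name, value))
    return forwarded, dropped

def forward(headers, pseudonym="example-proxy"):
    """Headers to send upstream: end-to-end ones plus this hop's Via entry."""
    forwarded, _ = strip_hop_by_hop(headers)
    return forwarded + [("Via", f"1.1 {pseudonym}")]

# Constructed sample request as received by the proxy (not captured traffic).
SAMPLE_REQUEST = [
    ("Host", "example.test"),
    ("Connection", "keep-alive, X-Per-Hop"),
    ("Keep-Alive", "timeout=5, max=1000"),
    ("Proxy-Authorization",
     "Basic " + base64.b64encode(b"username:secret").decode()),
    ("TE", "trailers"),
    ("X-Per-Hop", "1"),
    ("Accept-Encoding", "gzip"),
    ("Cookie", "session=constructed"),
]

if __name__ == "__main__":
    for name, value in forward(SAMPLE_REQUEST):
        print(f"{name}: {value}")
```

With this filtering in place the Proxy-Authorization credentials stay on the client-to-proxy hop, while end-to-end headers such as Cookie and Accept-Encoding pass through unchanged.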
Accept
Accept-Language
Content-Language
Content-Type
Access-Control-Allow-Headers
header. fetch
API).
Accept-Charset
Accept-Encoding
Access-Control-Request-Headers
Access-Control-Request-Method
Connection
Content-Length
Cookie
Date
DNT
Expect
Feature-Policy
Host
Keep-Alive
Origin
Proxy-
Sec-
Referer
TE
Trailer
Transfer-Encoding
Upgrade
Via
Proxy-
Set-
Content-Disposition: inline
Content-Disposition: attachment
Content-Disposition: attachment; filename="foo.mp3"
Content-Disposition: form-data
Content-Disposition: form-data; name="field-name"
Content-Disposition: form-data; name="field-name"; filename="foo.jpg"
Content-Transfer-Encoding: binary
. X-
. To make this as clear as possible: The major version sent in a message MAY indicate the interpretation of other header fields. The minor version sent in a message MUST NOT indicate the interpretation of other header fields.
HEAD
request method should be used. --header
option (see Specifying the result language). curl.exe
), the -i
command line option includes the response headers in the output.