List of HTTP headers

From Wikipedia, the free encyclopedia

Jump to: navigation, search
HTTP
Persistence · Compression · SSL
Headers
ETag · Cookie · Referrer
Status codes
301 Moved permanently
302 Found
303 See Other
403 Forbidden
404 Not Found

HTTP Headers form the core of an HTTP request, and are very important in an HTTP response. They define various characteristics of the data that is requested or the data that has been provided. The headers are separated from the request or response body by a blank line. HTTP headers can be near-arbitrary strings, but only some are commonly understood.

Contents

[edit] Requests

Header Description Example
Accept Content-Types that are acceptable Accept: text/plain
Accept-Charset Character sets that are acceptable Accept-Charset: iso-8859-5
Accept-Encoding Acceptable encodings Accept-Encoding: compress, gzip
Accept-Language Acceptable languages for response Accept-Language: da
Accept-Ranges Allows the server to indicate its acceptance of range requests for a resource Accept-Ranges: bytes
Authorization Authentication credentials for HTTP authentication Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Cache-Control Used to specify directives that MUST be obeyed by all caching mechanisms along the request/response chain Cache-Control: no-cache
Connection What type of connection the user-agent would prefer Connection: close
Cookie an HTTP cookie previously sent by the server with Set-Cookie (below) Cookie: $Version=1; UserId=JohnDoe
Content-Type The mime-type of the body of the request (used with POST and PUT requests) Content-Type: application/x-www-form-urlencoded
Date The date and time that the message was sent Date: Tue, 15 Nov 1994 08:12:31 GMT
Expect Indicates that particular server behaviors are required by the client Expect: 100-continue
Host The domain name of the server (for virtual hosting), mandatory since HTTP/1.1 Host: en.wikipedia.org
If-Match Only perform the action if the client supplied entity matches the same entity on the server. This is mainly for methods like PUT to only update a resource if it has not been modified since the user last updated it. If-Match: "737060cd8c284d8af7ad3082f209582d"
If-Modified-Since Allows a 304 Not Modified to be returned if content is unchanged If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
If-None-Match Allows a 304 Not Modified to be returned if content is unchanged, see HTTP ETag If-None-Match: "737060cd8c284d8af7ad3082f209582d"
If-Range If the entity is unchanged, send me the part(s) that I am missing; otherwise, send me the entire new entity If-Range: "737060cd8c284d8af7ad3082f209582d"
If-Unmodified-Since Only send the response if the entity has not been modified since a specific time. If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT
Max-Forwards Limit the number of times the message can be forwarded through proxies or gateways. Max-Forwards: 10
Pragma Implementation-specific headers that may have various effects anywhere along the request-response chain. Pragma: no-cache
Proxy-Authorization Authorization credentials for connecting to a proxy. Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Range Request only part of an entity. Range: bytes=500-999
Referer This is the address of the previous web page from which a link to the currently requested page was followed. Referer: http://en.wikipedia.org/wiki/Main_Page
TE The transfer encodings the user is willing to accept. TE: trailers, deflate;q=0.5
Upgrade Ask the server to upgrade to another protocol. Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11
User-Agent The user agent string of the user agent User-Agent: Mozilla/5.0 (Linux; X11)
Via Informs the server of proxies through which the request was sent. Via: 1.0 fred, 1.1 nowhere.com (Apache/1.1)
Warn A general warning about possible problems with the entity body. Warn: 199 Miscellaneous warning

[edit] Responses

Header Description Example
Accept-Ranges What partial content range types this server supports Accept-Ranges: bytes
Age The age the object has been in a proxy cache in seconds Age: 12
Allow Valid actions for a specified resource. To be used for a 405 Method not allowed Allow: GET, HEAD
Cache-Control Tells all caching mechanisms from server to client whether they may cache this object Cache-Control: no-cache
Content-Encoding The type of encoding used on the data Content-Encoding: gzip
Content-Language The language the content is in Content-Language: da
Content-Length The length of the response body in 8-bit bytes Content-Length: 348
Content-Location An alternate location for the returned data Content-Location: /index.htm
Content-Disposition An opportunity to raise a "File Download" dialogue box for a known MIME type Content-Disposition: attachment; filename=fname.ext
Content-MD5 An MD5 sum of the content of the response Content-MD5: 3167b9c13ad2b6d36946493fc47976c8
Content-Range Where in a full body message this partial message belongs Content-Range: bytes 21010-47021/47022
Content-Type The mime type of this content Content-Type: text/html; charset=utf-8
Date The date and time that the message was sent Date: Tue, 15 Nov 1994 08:12:31 GMT
ETag An identifier for a specific version of a resource, often a Message Digest, see ETag ETag: 737060cd8c284d8af7ad3082f209582d
Expires Gives the date/time after which the response is considered stale Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified The last modified date for the requested object, in RFC 2822 format Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
Location Used in redirection, or when a new resource has been created. Location: http://www.w3.org/pub/WWW/People.html
Pragma Implementation-specific headers that may have various effects anywhere along the request-response chain. Pragma: no-cache
Proxy-Authenticate Request authentication to access the proxy. Proxy-Authenticate: Basic
Retry-After If an entity is temporarily unavailable, this instructs the client to try again after a specified period of time. Retry-After: 120
Server A name for the server Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
Set-Cookie an HTTP cookie Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
Trailer The Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding. Trailer: Max-Forwards
Transfer-Encoding The form of encoding used to safely transfer the entity to the user. Transfer-Encoding: chunked
Vary Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server. Vary: *
Via Informs the client of proxies through which the response was sent. Via: 1.0 fred, 1.1 nowhere.com (Apache/1.1)
Warn A general warning about possible problems with the entity body. Warn: 199 Miscellaneous warning
WWW-Authenticate Indicates the authentication scheme that should be used to access the requested entity. WWW-Authenticate: Basic

[edit] Effects of selected HTTP headers

[edit] Avoiding Caching

If the server responds with Cache-Control: no-cache then a web browser or other caching system must not use the response to satisfy subsequent responses without first checking with the originating server. This header is part of HTTP/1.1, and is ignored by some caches and browsers. To make sure that an object is not cached, it is therefore sensible to also set the Expires HTTP 1.0 header to a value earlier than the response date (e.g. -1). This is interpreted as an instruction not to cache by HTTP/1.0 caches and browsers.

The fact that a resource is not to be cached is no guarantee that it will not be written to disk. In particular, the HTTP/1.1 definition draws a distinction between history stores and caches. If you use navigation buttons to go back to a previous page a browser may still show you a page that has been stored on disk in the history store, even if it has been instructed not to cache that page. This is correct behaviour according to the specification. Many user agents (including both Firefox and IE) will show different behaviour with regards to loading something from history store and loading something from its cache depending on whether the protocol is http or https.

In the rare event that you specifically do not want a resource to be stored to disk anywhere - perhaps the resource is highly sensitive and you don't want it to appear in backups or to be written to insecure permanent storage - you can use the header Cache-Control: no-store. This does not guarantee that the resource will not be written, but instructs the browser to make a best effort not to write it, or in the worst case, that it does not remain on disk.

The Pragma: no-cache header is an HTTP/1.0 header intended for use in requests. It is a means for the browser to tell the server and any intermediate caches that it wants a fresh version of the resource, not for the server to tell the browser not to cache the resource. Some user agents do pay attention to this header in responses (e.g. some versions of IE, but only when using https), but the HTTP/1.1 RFC specifically warns against relying on this behaviour.

[edit] References


[edit] See also

[edit] External links

Personal tools