HTTP Response Headers
HTTP response headers are a series of header fields sent by the server in response to a client's HTTP request. They provide additional information about the response and instructions from the server. Here are some common HTTP response headers:
Common HTTP Response Headers
- Date: The date and time when the response was generated.
  - Example: Wed, 18 Apr 2024 12:00:00 GMT
- Server: The name and version of the server software.
  - Example: Apache/2.4.1 (Unix)
- Content-Type: The media type (MIME type) of the response body.
  - Example: text/html; charset=UTF-8, application/json
- Content-Length: The size of the response body in bytes.
  - Example: 3145
- Content-Encoding: The compression encoding of the response body.
  - Example: gzip, deflate
- Content-Language: The language of the response body.
  - Example: zh-CN
- Content-Location: The URI of the response body.
  - Example: /index.html
- Content-Range: The byte range of the response body for partial transfers.
  - Example: bytes 0-999/8000
- Cache-Control: Controls the caching behavior of the response.
  - Example: no-cache (indicating the response must be revalidated with the server)
- Connection: Options for managing the connection.
  - Example: keep-alive (indicating the connection will not be closed after the transfer)
- Set-Cookie: Sets a cookie on the client.
  - Example: sessionId=abc123; Path=/; Secure
- Expires: The expiration date and time of the response.
  - Example: Thu, 18 Apr 2024 12:00:00 GMT
- Last-Modified: The date and time when the resource was last modified.
  - Example: Wed, 18 Apr 2024 11:00:00 GMT
- ETag: The identifier for a specific version of the resource.
  - Example: "33a64df551425fcc55e6"
- Location: The URI used for redirection.
  - Example: /newresource
- Pragma: Includes implementation-specific directives.
  - Example: no-cache
- WWW-Authenticate: Information for HTTP authentication.
  - Example: Basic realm="Access to the site"
- Accept-Ranges: Specifies the types of range requests the server accepts.
  - Example: bytes
- Age: The time in seconds since the response was generated by the origin server.
  - Example: 24
- Allow: Lists the HTTP methods allowed for a resource.
  - Example: GET, POST, HEAD
- Vary: Tells downstream proxies which request headers to use when determining whether the response can be retrieved from the cache.
  - Example: Accept
- Strict-Transport-Security: Instructs the browser to communicate with the server only via HTTPS.
  - Example: max-age=31536000; includeSubDomains
- X-Frame-Options: Controls whether the page can be displayed in a frame, preventing clickjacking attacks.
  - Example: SAMEORIGIN
- X-Content-Type-Options: Instructs the browser not to guess the MIME type of a resource.
  - Example: nosniff
- X-XSS-Protection: Controls the browser's XSS filtering and blocking.
  - Example: 1; mode=block
- Public-Key-Pins: HTTP header for HTTP Public Key Pinning (HPKP), a security mechanism to prevent man-in-the-middle attacks.
  - Example: pin-sha256="base64+primarykey"; pin-sha256="base64+backupkey"; max-age=expireTime
These response headers can vary in actual HTTP responses, and their specific values depend on the server's configuration and processing logic.
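
As an added example (not part of the original page), the Python code below audits a response head for the security-relevant headers in this list. The sample response is constructed from the example values above; the function names, the finding labels, and the Content-Security-Policy `frame-ancestors` check are assumptions of this example.

```python
import re

# Constructed sample response head, built from the example values in the list above.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.1 (Unix)\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: sessionId=abc123; Path=/; Secure\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: [values]}; repeated fields such as Set-Cookie are kept."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:
            break                           # blank line ends the header section
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Hypothetical helper: return finding labels for the security-relevant headers."""
    h, findings = parse_headers(raw), []
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", [""])[0], re.I)
    if not m or int(m.group(1)) == 0:       # max-age=0 switches HSTS off
        findings.append("hsts-missing-or-disabled")
    if h.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("nosniff-missing")
    # Framing is restricted by X-Frame-Options or by a CSP frame-ancestors directive.
    csp = " ".join(h.get("content-security-policy", [])).lower()
    xfo = h.get("x-frame-options", [""])[0].upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("framing-unrestricted")
    if re.search(r"/\d", " ".join(h.get("server", []))):
        findings.append("server-version-disclosed")
    for cookie in h.get("set-cookie", []):
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append("cookie-missing-" + flag)
    # X-XSS-Protection and Public-Key-Pins are deprecated in current browsers.
    for legacy in ("x-xss-protection", "public-key-pins"):
        if legacy in h:
            findings.append("deprecated-header:" + legacy)
    return findings
```
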