HTTP Response Headers

HTTP response headers are a series of header fields sent by the server in response to a client's HTTP request. They provide additional information about the response and instructions from the server. Here are some common HTTP response headers:

Common HTTP Response Headers

  1. Date: The date and time when the response was generated.
    • Example: Wed, 18 Apr 2024 12:00:00 GMT
  2. Server: The name and version of the server software.
    • Example: Apache/2.4.1 (Unix)
  3. Content-Type: The media type (MIME type) of the response body.
    • Example: text/html; charset=UTF-8, application/json
  4. Content-Length: The size of the response body in bytes.
    • Example: 3145
  5. Content-Encoding: The compression encoding applied to the response body.
    • Example: gzip, deflate
  6. Content-Language: The natural language of the response body.
    • Example: zh-CN
  7. Content-Location: An alternate URI for the representation returned in the response body.
    • Example: /index.html
  8. Content-Range: The byte range of the full resource carried in a partial response.
    • Example: bytes 0-999/8000
  9. Cache-Control: Directives controlling how the response may be cached.
    • Example: no-cache (the response must be revalidated with the origin server before reuse)
  10. Connection: Options for managing the connection.
    • Example: keep-alive (the connection is not closed after the transfer)
  11. Set-Cookie: Sets a cookie on the client.
    • Example: sessionId=abc123; Path=/; Secure
  12. Expires: The date and time after which the response is considered stale.
    • Example: Thu, 18 Apr 2024 12:00:00 GMT
  13. Last-Modified: The date and time when the resource was last modified.
    • Example: Wed, 18 Apr 2024 11:00:00 GMT
  14. ETag: An identifier for a specific version of the resource.
    • Example: "33a64df551425fcc55e6"
  15. Location: The URI to redirect the client to.
    • Example: /newresource
  16. Pragma: Carries implementation-specific directives.
    • Example: no-cache
  17. WWW-Authenticate: The authentication scheme (and parameters) the client must use to access the resource.
    • Example: Basic realm="Access to the site"
  18. Accept-Ranges: The range units the server accepts in range requests.
    • Example: bytes
  19. Age: The time in seconds since the response was generated by the origin server.
    • Example: 24
  20. Allow: Lists the HTTP methods allowed for the resource.
    • Example: GET, POST, HEAD
  21. Vary: Names the request headers a cache must match before serving this stored response to another request.
    • Example: Accept
  22. Strict-Transport-Security: Instructs the browser to communicate with the server only via HTTPS.
    • Example: max-age=31536000; includeSubDomains
  23. X-Frame-Options: Controls whether the page may be displayed in a frame, which mitigates clickjacking attacks.
    • Example: SAMEORIGIN
  24. X-Content-Type-Options: Instructs the browser not to guess (sniff) the MIME type of a resource.
    • Example: nosniff
  25. X-XSS-Protection: Controls the browser's XSS filtering and blocking.
    • Example: 1; mode=block
  26. Public-Key-Pins: The header for HTTP Public Key Pinning (HPKP), a security mechanism intended to prevent man-in-the-middle attacks.
    • Example: pin-sha256="base64+primarykey"; pin-sha256="base64+backupkey"; max-age=expireTime

Which of these headers appear in an actual HTTP response varies, and their specific values depend on the server's configuration and processing logic.
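As an added example (not part of the original page), the following Python code parses a raw HTTP/1.1 response head into a case-insensitive header map and audits the security-relevant headers listed above (Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Set-Cookie, Server). The sample response is constructed for the example, and the thresholds (one-year HSTS max-age, Secure flag on every cookie) are the auditor's assumptions.

```python
# Added example (not part of the original page): parse a raw HTTP/1.1 response
# head and audit the security headers described above. Sample input is constructed.
import re
from collections import defaultdict

RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 18 Apr 2024 12:00:00 GMT\r\n"
    "Server: Apache/2.4.1 (Unix)\r\n"
    "Set-Cookie: sessionId=abc123; Path=/; Secure\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Strict-Transport-Security: max-age=3600\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n<html>...</html>"
)

def parse_response_head(raw):
    """Return (status_code, headers); header names are lowercased and values are
    kept in lists so repeated fields such as Set-Cookie survive."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers = defaultdict(list)
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return status, headers

def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    m = re.search(r"max-age=(\d+)", headers.get("strict-transport-security", [""])[0])
    if not m or int(m.group(1)) < 31536000:  # assumed policy: at least one year
        findings.append("HSTS missing or max-age below one year")
    if headers.get("x-frame-options", [""])[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    if headers.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    for cookie in headers.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie without Secure flag: " + cookie.split("=")[0])
    if re.search(r"/\d", headers.get("server", [""])[0]):  # e.g. Apache/2.4.1
        findings.append("Server header discloses software version")
    for old in ("x-xss-protection", "public-key-pins"):
        if old in headers:
            findings.append(old + " is deprecated and should not be relied on")
    return findings
```

Running `audit_headers(parse_response_head(RAW_RESPONSE)[1])` on the constructed response yields five findings: the short HSTS max-age, the missing X-Frame-Options, the `theme` cookie without Secure, the version-revealing Server header, and the deprecated X-XSS-Protection header.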