    HTTP headers

    HTTP message headers are used to precisely describe the resource being fetched or the behavior of the server or the client. Custom proprietary headers can be added using the 'X-' prefix; others are listed in an IANA registry, whose original content was defined in RFC 4229. IANA also maintains a registry of proposed new HTTP message headers.

    The following list summarizes the headers and their usage:

    | Header | Description | More information | Standard |
    |---|---|---|---|
    | Accept | Lists the MIME types expected by the user agent | HTTP Content Negotiation | HTTP/1.1 |
    | Accept-Charset | Lists the character sets supported by the user agent | HTTP Content Negotiation | HTTP/1.1 |
    | Accept-Features | | HTTP Content Negotiation | RFC 2295, §8.2 |
    | Accept-Encoding | Lists the compression methods supported by the user agent | HTTP Content Negotiation | HTTP/1.1 |
    | Accept-Language | Lists the languages the user agent expects the page in | HTTP Content Negotiation | HTTP/1.1 |
    | Accept-Ranges | | | |
    | Access-Control-Allow-Credentials | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Allow-Origin | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Allow-Methods | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Allow-Headers | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Max-Age | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Expose-Headers | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Request-Method | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Access-Control-Request-Headers | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Age | | | |
    | Allow | | | |
    | Alternates | | HTTP Content Negotiation | RFC 2295, §8.3 |
    | Authorization | | | |
    | Cache-Control | | HTTP Caching FAQ | |
    | Connection | | | |
    | Content-Encoding | | | |
    | Content-Language | | | |
    | Content-Length | | | |
    | Content-Location | | | |
    | Content-MD5 | | Unimplemented (see bug 232030) | |
    | Content-Range | | | |
    | Content-Security-Policy | Controls the resources a user agent is allowed to load for use on a given page. | CSP (Content Security Policy) | W3C Content Security Policy |
    | Content-Type | Defines the MIME type of the served document | | |
    | Cookie | | | RFC 2109 |
    | DNT | With a value of 1, indicates that the user explicitly opts out of any kind of tracking. | Supported by Firefox 4, Firefox 5 for mobile, IE9 and a few major companies. | Bug 628197 |
    | Date | | | |
    | ETag | | HTTP Caching FAQ | |
    | Expect | | | |
    | Expires | | HTTP Caching FAQ | |
    | From | | | |
    | Host | | | |
    | If-Match | | | |
    | If-Modified-Since | | HTTP Caching FAQ | |
    | If-None-Match | | HTTP Caching FAQ | |
    | If-Range | | | |
    | If-Unmodified-Since | | | |
    | Last-Event-ID | Gives the id of the last events received by the server on a previous HTTP connection. Used to synchronize a stream of text/event-stream. | Server-Sent Events | Server-Sent Events spec |
    | Last-Modified | | HTTP Caching FAQ | |
    | Link | Equivalent to the HTML <link> element, but on the HTTP layer; gives a URL related to the fetched resource, and the kind of relation. | For the rel=prefetch case, see Link Prefetching FAQ | Introduced in HTTP 1.1's RFC 2068, section 19.6.2.4, it was removed in the final HTTP 1.1 spec, then reintroduced, with some extensions, in RFC 5988 |
    | Location | | | |
    | Max-Forwards | | | |
    | Negotiate | | HTTP Content Negotiation | RFC 2295, §8.4 |
    | Origin | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
    | Pragma | | For the pragma: nocache value see HTTP Caching FAQ | |
    | Proxy-Authenticate | | | |
    | Proxy-Authorization | | | |
    | Range | | | |
    | Referer | (Note that the orthographical error introduced in the HTTP/0.9 spec had to be conserved in subsequent versions of the protocol.) | | |
    | Retry-After | | | |
    | Sec-Websocket-Extensions | | | Websockets |
    | Sec-Websocket-Key | | | Websockets |
    | Sec-Websocket-Origin | | | Websockets |
    | Sec-Websocket-Protocol | | | Websockets |
    | Sec-Websocket-Version | | | Websockets |
    | Server | | | |
    | Set-Cookie | | | RFC 2109 |
    | Set-Cookie2 | | | RFC 2965 |
    | Strict-Transport-Security | | HTTP Strict Transport Security | IETF reference |
    | TCN | | HTTP Content Negotiation | RFC 2295, §8.5 |
    | TE | | | |
    | Trailer | Lists the headers that will be transmitted after the message body, in a trailer block. This allows servers to compute some values, like Content-MD5:, while transmitting the data. Note that the Trailer: header must not list the Content-Length:, Trailer: or Transfer-Encoding: headers. | | RFC 2616, §14.40 |
    | Transfer-Encoding | | | |
    | Upgrade | | | |
    | User-Agent | | For Gecko's user agents see the User Agents Reference | |
    | Variant-Vary | | HTTP Content Negotiation | RFC 2295, §8.6 |
    | Vary | Lists the headers used as criteria for choosing a specific content by the web server. This header is important for efficient and correct caching of the resource sent. | HTTP Content Negotiation & HTTP Caching FAQ | |
    | Via | | | |
    | Warning | | | |
    | WWW-Authenticate | | | |
    | X-Content-Duration | | Configuring servers for Ogg media | |
    | X-Content-Security-Policy | | Using Content Security Policy | |
    | X-DNSPrefetch-Control | | Controlling DNS prefetching | |
    | X-Frame-Options | | The XFrame-Option Response Header | |
    | X-Requested-With | Often used with the value "XMLHttpRequest" when that is the case | | Not standard |

    Notes

    Note: The Keep-Alive request header is not sent by Gecko 5.0; previous versions did send it but it was not formatted correctly, so the decision was made to remove it for the time being. The Connection: or Proxy-Connection: header is still sent, however, with the value "keep-alive".

    See also

    Wikipedia page on List of HTTP headers

    Document Tags and Contributors
    Contributors to this page: Sheppy, anthonyryan1, dbruant, jswisher, kscarfone, jpmedley, teoli, Tgr
    Last updated by: jpmedley,