HTTP Index

This page lists all MDN HTTP pages along with their summary and tags.

Found 297 pages:

# Page Tags and summary
1 HTTP HTTP, Hypertext, Reference, TCP/IP, Web, Web Development, l10n:priority
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML. It was designed for communication between web browsers and web servers, but it can also be used for other purposes. HTTP follows a classical client-server model, with a client opening a connection to make a request, then waiting until it receives a response. HTTP is a stateless protocol, meaning that the server does not keep any data (state) between two requests.
2 HTTP authentication Access Control, Authentication, Guide, HTTP, Security
HTTP provides a general framework for access control and authentication. This page is an introduction to the HTTP framework for authentication, and shows how to restrict access to your server using the HTTP "Basic" schema.
3 Basics of HTTP Guide, HTTP, Overview
HTTP is an extensible protocol that relies on concepts like resources and Uniform Resource Identifiers (URIs), simple message structure, and client-server communication flow. On top of these basic concepts, numerous extensions have been developed over the years that add updated functionality and semantics with new HTTP methods or headers.
4 Choosing between www and non-www URLs Guide, HTTP, URL
A recurring question among website owners is whether to choose non-www or www URLs. This page provides some advice on what's best.
5 Data URLs Base64, Guide, HTTP, Intermediate, URL
Data URLs, URLs prefixed with the data: scheme, allow content creators to embed small files inline in documents. They were formerly known as "data URIs" until that name was retired by the WHATWG.
6 Evolution of HTTP Guide, HTTP, NeedsUpdate, NeedsUpdate(HTTP/3)
HTTP (HyperText Transfer Protocol) is the underlying protocol of the World Wide Web. Developed by Tim Berners-Lee and his team between 1989-1991, HTTP has gone through many changes that have helped maintain its simplicity while shaping its flexibility. Keep reading to learn how HTTP evolved from a protocol designed to exchange files in a semitrusted laboratory environment into a modern internet maze that carries images and videos in high resolution and 3D.
7 Identifying resources on the Web Domain, HTTP, Path, Scheme, Syntax, URI, URL, URL Syntax, Web, fragment, port, query, resources
The target of an HTTP request is called a "resource", whose nature isn't defined further; it can be a document, a photo, or anything else. Each resource is identified by a Uniform Resource Identifier (URI) used throughout HTTP for identifying resources.
8 MIME types (IANA media types) Content-Type, Guide, HTTP, MIME Types, Meta, Request header, Response Header, application/javascript, application/json, application/xml
A media type (also known as a Multipurpose Internet Mail Extensions or MIME type) is a standard that indicates the nature and format of a document, file, or assortment of bytes. It is defined and standardized in IETF's RFC 6838.
9 Common MIME types Audio, File Types, Files, HTTP, MIME, MIME Types, PHP, Reference, Text, Types, Video
Here is a list of MIME types, associated by type of documents, ordered by their common extensions.
10 Resource URLs Guide, HTTP, Intermediate, Resource
Resource URLs, URLs prefixed with the resource: scheme, are used by Firefox and Firefox browser extensions to load resources internally, but some of the information is available to sites the browser connects to as well.
11 Browser detection using the user agent Compatibility, HTTP, Web Development
Serving different Web pages or services to different browsers is usually a bad idea. The Web is meant to be accessible to everyone, regardless of which browser or device they're using. There are ways to develop your website to progressively enhance itself based on the availability of features rather than by targeting specific browsers.
12 HTTP caching Caching, Guide, HTTP
The performance of web sites and applications can be significantly improved by reusing previously fetched resources. Web caches reduce latency and network traffic and thus lessen the time needed to display resource representations. HTTP caching makes Web sites more responsive.
13 Compression in HTTP Guide, HTTP, compression
Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs. Over the years, algorithms also got more efficient, and new ones are supported by clients and servers.
14 HTTP conditional requests Conditional Requests, Guide, HTTP
HTTP has a concept of conditional requests, where the result, and even the success of a request, can be changed by comparing the affected resources with the value of a validator. Such requests can be useful to validate the content of a cache, sparing a useless control; to verify the integrity of a document, like when resuming a download; or to prevent lost updates when uploading or modifying a document on the server.
15 Configuring servers for Ogg media Audio, HTTP, Media, Ogg, Video
HTML audio and video elements allow media presentation without the need for the user to install any plug-ins or other software to do so. This guide covers a few server configuration changes that may be necessary for your web server to correctly serve Ogg media files. This information may also be useful if you encounter other media types your server isn't already configured to recognize.
16 Connection management in HTTP/1.x Connection Management, Guide, HTTP, Networking, Performance, WebMechanics
Connection management is a key topic in HTTP: opening and maintaining connections largely impacts the performance of Web sites and Web applications. In HTTP/1.x, there are several models: short-lived connections, persistent connections, and HTTP pipelining.
17 Content negotiation Content Negotiation, Content Negotiation Reference, HTTP, Reference
In HTTP, content negotiation is the mechanism that is used for serving different representations of a resource at the same URI, so that the user agent can specify which representation is best suited for the user (for example, which document language, which image format, or which content encoding).
18 List of default Accept values Accept, Content Negotiation, HTTP, Reference
This article documents the default values for the HTTP Accept header for specific inputs and browser versions.
19 Using HTTP cookies Advertising, Browser, Cookies, Cookies Article, Guide, HTTP, History, JavaScript, Privacy, Protocols, Server, Storage, Web Development, data, request, tracking
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser. The browser may store the cookie and send it back to the same server with later requests. Typically, an HTTP cookie is used to tell if two requests come from the same browser—keeping a user logged in, for example. It remembers stateful information for the stateless HTTP protocol.
20 Cross-Origin Resource Sharing (CORS) AJAX, CORS, Cross-Origin Resource Sharing, Fetch, Fetch API, HTTP, HTTP Access Controls, Same-origin policy, Security, XMLHttpRequest, l10n:priority
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.
21 CORS errors CORS, Errors, HTTP, HTTPS, Messages, Same-origin, Security, console, troubleshooting
Cross-Origin Resource Sharing (CORS) is a standard that allows a server to relax the same-origin policy. This is used to explicitly allow some cross-origin requests while rejecting others. For example, if a site offers an embeddable service, it may be necessary to relax certain restrictions. Setting up such a CORS configuration isn't necessarily easy and may present some challenges. In these pages, we'll look into some common CORS error messages and how to resolve them.
22 Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz' CORS, CORSAllowOriginNotMatchingOrigin, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The origin making the request does not match the origin permitted by the Access-Control-Allow-Origin header. This error can also occur if the response includes more than one Access-Control-Allow-Origin header.
23 Reason: CORS request did not succeed CORS, CORSDidNotSucceed, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The HTTP request which makes use of CORS failed because the HTTP connection failed at either the network or protocol level. The error is not directly related to CORS, but is a fundamental network error of some kind.
24 Reason: CORS disabled Authentication, Authentication Article, CORS, Cross-Origin, Disabled, Errors, HTTP, HTTPS, Messages, Resource, Same Origin, Same-origin, Security, Sharing, Validation, secure, troubleshooting
A request that needs to use CORS was attempted, but CORS is disabled in the user's browser. When this happens, the user needs to turn CORS back on in their browser.
25 Reason: CORS request external redirect not allowed CORS, CORSOriginHeaderNotAdded, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The CORS request was responded to by the server with an HTTP redirect to a URL on a different origin than the original request, which is not permitted during CORS requests.
26 Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ CORS, CORSInvalidAllowHeader, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The response to the CORS request that was sent by the server includes an Access-Control-Allow-Headers header which includes at least one invalid header name.
27 Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’ CORS, CORSInvalidAllowMethod, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The response to the CORS request that was sent by the server includes an Access-Control-Allow-Methods header which includes at least one invalid method name.
28 Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’ CORS, CORSMethodNotFound, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The HTTP method being used by the CORS request is not included in the list of methods specified by the response's Access-Control-Allow-Methods header. This header specifies a comma-delimited list of the HTTP methods which may be used when using CORS to access the URL specified in the request; if the request is using any other method, this error occurs.
29 Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’ CORS, CORSMissingAllowCredentials, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The CORS request requires that the server permit the use of credentials, but the server's Access-Control-Allow-Credentials header's value isn't set to true to enable their use.
30 Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel CORS, CORSMissingAllowHeaderFromPreflight, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The Access-Control-Allow-Headers header is sent by the server to let the client know which headers it supports for CORS requests. The value of Access-Control-Allow-Headers should be a comma-delimited list of header names, such as "X-Custom-Information" or any of the standard but non-basic header names (which are always allowed).
31 Reason: CORS header 'Access-Control-Allow-Origin' missing CORS, CORSMissingAllowOrigin, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin.
32 Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed CORS, CORSMultipleAllowOriginNotAllowed, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
More than one Access-Control-Allow-Origin header was sent by the server. This isn't allowed.
33 Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’ CORS, CORSNotSupportingCredentials, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The CORS request was attempted with the credentials flag set, but the server is configured using the wildcard ("*") as the value of Access-Control-Allow-Origin, which doesn't allow the use of credentials.
34 Reason: CORS header ‘Origin’ cannot be added CORS, CORSOriginHeaderNotAdded, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The user agent was unable to add the required Origin header to the HTTP request. All CORS requests must have an Origin header.
35 Reason: CORS preflight channel did not succeed CORS, CORSPreflightDidNotSucceed, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
The CORS request requires preflight, but preflighting could not be performed. There are a couple of reasons why preflighting might fail:
36 Reason: CORS request not HTTP CORS, CORSRequestNotHttp, Cross-Origin, Error, HTTP, HTTPS, Messages, Reasons, Security, console, troubleshooting
CORS requests may only use the HTTPS URL scheme, but the URL specified by the request is of a different type. This often occurs if the URL specifies a local file, using a file:/// URL.
37 Cross-Origin Resource Policy (CORP) HTTP, Reference, Security
Cross-Origin Resource Policy is a policy set by the Cross-Origin-Resource-Policy HTTP header that lets web sites and applications opt in to protection against certain requests from other origins (such as those issued with elements like <script> and <img>), to mitigate speculative side-channel attacks, like Spectre, as well as Cross-Site Script Inclusion attacks.
38 Content Security Policy (CSP) CSP, Content Security Policy, Example, Guide, Security, access
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to malware distribution.
39 CSP errors and warnings (Content Security Policy) CSP, Errors, HTTP, Landing, Messages, Warnings, console, log
This page will be a parent for reference articles about CSP errors and warnings, and will provide an overview of them, and generic troubleshooting advice, if possible.
40 Content Security Policy: The page’s settings blocked the loading of a resource: xyz CSP, CSPViolation, Content Security Policy, HTTP, HTTPS, NeedsContent, Reference, Security, Warning, Web security, message
The warning "Content Security Policy: The page's settings blocked the loading of a resource: xyz" occurs when the page's CSP configuration given by xyz prevents the resource from being loaded into the document's context.
41 Feature Policy Feature Policy, Feature-Policy, HTTP, Introduction, Overview, Reference, Security, access, delegation, header, permission
Feature Policy allows web developers to selectively enable, disable, and modify the behavior of certain features and APIs in the browser. It is similar to CSP but controls features instead of security behavior.
42 Using Feature Policy Feature Policy, Feature-Policy, HTTP, Permissions, Privileges, Reference, Security, access, delegation, header
Feature Policy allows you to control which origins can use which features, both in the top-level page and in embedded frames. Essentially, you write a policy, which is an allowed list of origins for each feature. For every feature controlled by Feature Policy, the feature is only enabled in the current document or frame if its origin matches the allowed list of origins.
43 HTTP headers HTTP, HTTP Header, Headers, Networking, Overview, Reference
HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value. Whitespace before the value is ignored.
44 Accept-CH-Lifetime Accept-CH-Lifetime, Client hints, Deprecated, Experimental, HTTP, HTTP Header, Non-standard, Response header
The Accept-CH-Lifetime header is set by the server to specify the persistence of the client hint headers it specified using Accept-CH, that the client should include in subsequent requests.
45 Accept-CH Accept-CH, Client hints, HTTP, HTTP Header, Response header
The Accept-CH header may be set by a server to specify which client hints headers a client should include in subsequent requests.
46 Accept-Charset Content Negotiation, HTTP, HTTP Header, Reference, Request header
The Accept-Charset request HTTP header was a header that advertised a client's supported character encoding. It is no longer widely used.
47 Accept-Encoding Content Negotiation, HTTP, HTTP Header, Reference, Request header
The Accept-Encoding request HTTP header indicates the content encoding (usually a compression algorithm) that the client can understand. The server uses content negotiation to select one of the proposals and informs the client of that choice with the Content-Encoding response header.
48 Accept-Language Accept-Language, Content Negotiation, HTTP, HTTP Header, Reference, Request header
The Accept-Language request HTTP header indicates the natural language and locale that the client prefers. The server uses content negotiation to select one of the proposals and informs the client of the choice with the Content-Language response header. Browsers set required values for this header according to their active user interface language. Users rarely change it, and such changes are not recommended because they may lead to fingerprinting.
49 Accept-Patch HTTP, Reference
The Accept-Patch response HTTP header advertises which media-type the server is able to understand in a PATCH request.
50 Accept-Post Accept-Post, HTTP, HTTP Header, Response Header
The Accept-Post response HTTP header advertises which media types are accepted by the server for HTTP POST requests.
51 Accept-Ranges HTTP, HTTP Header, Range Requests, Reference, Response Header
The Accept-Ranges HTTP response header is a marker used by the server to advertise its support for partial requests from the client for file downloads. The value of this field indicates the unit that can be used to define a range.
52 Accept HTTP, HTTP Header, Reference, Request header
The Accept request HTTP header indicates which content types, expressed as MIME types, the client is able to understand. The server uses content negotiation to select one of the proposals and informs the client of the choice with the Content-Type response header. Browsers set required values for this header based on the context of the request. For example, a browser uses different values in a request when it fetches a CSS stylesheet, image, video, or a script.
53 Access-Control-Allow-Credentials Access-Control-Allow-Credentials, CORS, HTTP, Reference, credentials, header
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to the frontend JavaScript code when the request's credentials mode (Request.credentials) is include.
54 Access-Control-Allow-Headers CORS, HTTP, Reference, Response Header, header
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
55 Access-Control-Allow-Methods CORS, HTTP, Reference, header
The Access-Control-Allow-Methods response header specifies one or more methods allowed when accessing a resource in response to a preflight request.
56 Access-Control-Allow-Origin Access Control, Access-Control-Allow-Origin, CORS, Dealing with CORS, HTTP, HTTP Header, How to Fix CORS, Reference, Security, cross-origin issue, header, origin
The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.
57 Access-Control-Expose-Headers CORS, HTTP, Reference, header
The Access-Control-Expose-Headers response header allows a server to indicate which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
58 Access-Control-Max-Age CORS, HTTP, Reference, header
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
59 Access-Control-Request-Headers CORS, HTTP, Reference, header
The Access-Control-Request-Headers request header is used by browsers when issuing a preflight request to let the server know which HTTP headers the client might send when the actual request is made (such as with XMLHttpRequest.setRequestHeader()). The complementary server-side header of Access-Control-Allow-Headers will answer this browser-side header.
60 Access-Control-Request-Method CORS, HTTP, Reference, header
The Access-Control-Request-Method request header is used by browsers when issuing a preflight request, to let the server know which HTTP method will be used when the actual request is made. This header is necessary as the preflight request is always an OPTIONS and doesn't use the same method as the actual request.
61 Age Caching, HTTP, Response, header
The Age header contains the time in seconds the object was in a proxy cache.
62 Allow HTTP, HTTP Header, Reference, Response header
The Allow header lists the set of methods supported by a resource.
63 Alt-Svc HTTP, HTTP Header, NeedsCompatTable, Reference
The Alt-Svc HTTP header allows a server to indicate that a particular resource should be loaded from a different server — while still appearing to the user as if it were loaded from the same server.
64 Authorization Authentication, Authorization, HTTP, HTTP Header, Header, Reference, Request header
The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a protected resource.
65 Cache-Control Cache-Control, HTTP, HTTP Header, Reference, Request header, Response header
The Cache-Control HTTP header holds directives (instructions) for caching in both requests and responses. If a given directive is in a request, it does not mean this directive is in the response.
66 Clear-Site-Data HTTP, HTTP Header, Reference, Response Header, header
The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored by a client browser for their origins.
67 Connection HTTP, HTTP Header, Reference, Request header, Response header, Web
The Connection general header controls whether the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done.
68 Content-Disposition HTTP, HTTP Header, Reference, Request header, Response header
In a regular HTTP response, the Content-Disposition response header is a header indicating if the content is expected to be displayed inline in the browser, that is, as a Web page or as part of a Web page, or as an attachment, that is downloaded and saved locally.
69 Content-DPR Client hints, Content-DPR, Deprecated, Exerimental, HTTP, HTTP Header, Non-standard, Response header
The Content-DPR response header is used to confirm the image device to pixel ratio in requests where the screen DPR client hint was used to select an image resource.
70 Content-Encoding HTTP, Headers, Reference
The Content-Encoding representation header lists any encodings that have been applied to the representation (message payload), and in what order. This lets the recipient know how to decode the representation in order to obtain the original payload format. Content encoding is mainly used to compress the message data without losing information about the origin media type.
71 Content-Language HTTP, Headers, Reference
The Content-Language representation header is used to describe the language(s) intended for the audience, so users can differentiate it according to their own preferred language.
72 Content-Length Content-Length, HTTP, HTTP header, Payload header, Reference, Request header, Response header
The Content-Length header indicates the size of the message body, in bytes, sent to the recipient.
73 Content-Location HTTP, Reference, header
The Content-Location header indicates an alternate location for the returned data. The principal use is to indicate the URL of a resource transmitted as the result of content negotiation.
74 Content-Range HTTP, HTTP Header, Header, Payload header, Reference, Response Header
The Content-Range response HTTP header indicates where in a full body message a partial message belongs.
75 Content-Security-Policy-Report-Only CSP, HTTP, HTTPS, Reference, Security, header
The HTTP Content-Security-Policy-Report-Only response header allows web developers to experiment with policies by monitoring (but not enforcing) their effects. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
76 Content-Security-Policy CSP, Content Security Policy, HTTP, Reference, Security, header
The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting (XSS) attacks.
77 CSP: base-uri CSP, Directive, Document directive, HTTP, Security
The HTTP Content-Security-Policy base-uri directive restricts the URLs which can be used in a document's base element. If this value is absent, then any URI is allowed. If this directive is absent, the user agent will use the value in the base element.
78 CSP: block-all-mixed-content CSP, Content-Security-Policy, Directive, HTTP, Mixed Content, Reference, Security, block-all-mixed-content
The HTTP Content-Security-Policy (CSP) block-all-mixed-content directive prevents loading any assets over HTTP when the page uses HTTPS.
79 CSP: child-src CSP, Child, Content-Security-Policy, Directive, HTTP, Reference, Security, child-src, source
The HTTP Content-Security-Policy (CSP) child-src directive defines the valid sources for web workers and nested browsing contexts loaded using elements such as frame and iframe. For workers, non-compliant requests are treated as fatal network errors by the user agent.
80 CSP: connect-src CSP, Content-Security-Policy, Directive, HTTP, Reference, Security, connect-src, source
The HTTP Content-Security-Policy (CSP) connect-src directive restricts the URLs which can be loaded using script interfaces. The APIs that are restricted are:
81 CSP: default-src CSP, Content-Security-Policy, Directive, HTTP, Reference, Security, default, default-src, source
The HTTP Content-Security-Policy (CSP) default-src directive serves as a fallback for the other CSP fetch directives. For each of the following directives that are absent, the user agent looks for the default-src directive and uses this value for it:
82 CSP: font-src CSP, Content-Security-Policy, Directive, HTTP, Reference, Security, font, source
The HTTP Content-Security-Policy (CSP) font-src directive specifies valid sources for fonts loaded using @font-face.
83 CSP: form-action CSP, Content-Security-Policy, Directive, HTTP, Security, action, form, form-action
The HTTP Content-Security-Policy (CSP) form-action directive restricts the URLs which can be used as the target of form submissions from a given context.
84 CSP: frame-ancestors Ancestors, CSP, Content-Security-Policy, Directive, Frame, HTTP, Security, frame-ancestors
The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using frame, iframe, object, embed, or applet.
85 CSP: frame-src CSP, Content-Security-Policy, Directive, Frame, HTTP, Reference, Security, frame-src, source
The HTTP Content-Security-Policy (CSP) frame-src directive specifies valid sources for nested browsing contexts loaded using elements such as frame and iframe.
86 CSP: img-src CSP, Content-Security-Policy, Directive, HTTP, Image, Reference, Security, img-src, source
The HTTP Content-Security-Policy img-src directive specifies valid sources of images and favicons.
87 CSP: manifest-src CSP, Content-Security-Policy, Directive, HTTP, Manifest, Reference, Security, manifest-src, source
The HTTP Content-Security-Policy: manifest-src directive specifies which manifest can be applied to the resource.
88 CSP: media-src CSP, Content-Security-Policy, Directive, HTTP, Media, Reference, Security, media-src, source
The HTTP Content-Security-Policy (CSP) media-src directive specifies valid sources for loading media using the audio and video elements.
89 CSP: navigate-to CSP, Content-Security-Policy, Directive, HTTP, Navigation, Reference, Security
The HTTP Content-Security-Policy (CSP) navigate-to directive restricts the URLs to which a document can initiate navigations by any means including form (if form-action is not specified), a, window.location, window.open, etc. This is an enforcement on what navigations this document initiates, not on what this document is allowed to navigate to.
90 CSP: object-src CSP, Content-Security-Policy, Directive, HTTP, Object, Reference, Security, object-src, source
The HTTP Content-Security-Policy object-src directive specifies valid sources for the object, embed, and applet elements.
91 CSP: plugin-types CSP, Content-Security-Policy, Directive, Flash, HTTP, Java, Plugin, Plugins, Security
The HTTP Content-Security-Policy (CSP) plugin-types directive restricts the set of plugins that can be embedded into a document by limiting the types of resources which can be loaded.
92 CSP: prefetch-src CSP, Content Security Policy, Directive, HTTP, Reference, prefetch-src
The HTTP Content-Security-Policy (CSP) prefetch-src directive specifies valid resources that may be prefetched or prerendered.
93 CSP: referrer CSP, Content-Security-Policy, Deprecated, Directive, HTTP, Reference, Security, referrer
The HTTP Content-Security-Policy (CSP) referrer directive used to specify information in the Referer header (with a single r as this was a typo in the original spec) for links away from a page. This API is deprecated and removed from browsers.
94 CSP: report-to CSP, Content Security Policy, Content-Security-Policy, HTTP, Reporting, Security, report-to
The Content-Security-Policy Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.
95 CSP: report-uri CSP, Directive, HTTP, Reference, Security
The deprecated HTTP Content-Security-Policy (CSP) report-uri directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
96 CSP: require-sri-for CSP, Directive, HTTP, Reference, Security, Subresource Integrity, require-sri-for
The HTTP Content-Security-Policy require-sri-for directive instructs the client to require the use of Subresource Integrity for scripts or styles on the page.
97 CSP: require-trusted-types-for CSP, Directive, HTTP, Security
The HTTP Content-Security-Policy (CSP) require-trusted-types-for directive instructs user agents to control the data passed to DOM XSS sink functions, like the Element.innerHTML setter.
98 CSP: sandbox CSP, Content-Security-Policy, Directive, HTTP, Sandbox, Security
The HTTP Content-Security-Policy (CSP) sandbox directive enables a sandbox for the requested resource similar to the iframe sandbox attribute. It applies restrictions to a page's actions including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy.
99 CSP: script-src-attr CSP, Content, Content-Security-Policy, Directive, HTTP, Reference, Script, Security, script-src, source
The HTTP Content-Security-Policy (CSP) script-src-attr directive specifies valid sources for JavaScript inline event handlers. This includes only inline script event handlers like onclick, but not URLs loaded directly into script elements.
100 CSP: script-src-elem CSP, Content, Content-Security-Policy, Directive, HTTP, Reference, Script, Security, script-src, source
The HTTP Content-Security-Policy (CSP) script-src-elem directive specifies valid sources for JavaScript script elements, but not inline script event handlers like onclick.
101 CSP: script-src CSP, Content, Content-Security-Policy, Directive, HTTP, Reference, Script, Security, script-src, source
The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript. This includes not only URLs loaded directly into script elements, but also things like inline script event handlers (onclick) and XSLT stylesheets which can trigger script execution.
102 CSP: style-src-attr CSP, Content, Content-Security-Policy, Directive, HTTP, Reference, Security, Style, source, style-src, style-src-attr
The HTTP Content-Security-Policy (CSP) style-src-attr directive specifies valid sources for inline styles applied to individual DOM elements.
103 CSP: style-src-elem CSP, Content, Content-Security-Policy, Directive, HTTP, Reference, Security, Style, source, style-src, style-src-elem
The HTTP Content-Security-Policy (CSP) style-src-elem directive specifies valid sources for stylesheet style elements and link elements with rel="stylesheet".
104 CSP: style-src CSP, Content, Content-Security-Policy, Directive, HTTP, Reference, Security, Style, source, style-src
The HTTP Content-Security-Policy (CSP) style-src directive specifies valid sources for stylesheets.
105 CSP: trusted-types CSP, Directive, HTTP, Security
The HTTP Content-Security-Policy (CSP) trusted-types directive instructs user agents to restrict the creation of Trusted Types policies - functions that build non-spoofable, typed values intended to be passed to DOM XSS sinks in place of strings.
106 CSP: upgrade-insecure-requests CSP, Content-Security-Policy, Directive, HTTP, Reference, Requests, Security, Upgrade, upgrade-insecure-requests
The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten.
107 CSP: worker-src CSP, Content-Security-Policy, Directive, HTTP, Reference, Security
The HTTP Content-Security-Policy (CSP) worker-src directive specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
108 Content-Type Content-Type, HTTP, HTTP header, Reference, Representation header
The Content-Type representation header is used to indicate the original MIME type of the resource (prior to any content encoding applied for sending).
109 Cookie Cookies, HTTP, Reference, header, request
The Cookie HTTP request header contains stored HTTP cookies associated with the server (i.e. previously sent by the server with the Set-Cookie header or set in JavaScript using Document.cookie).
110 Cookie2 Deprecated, HTTP, Reference, header, request
The obsolete Cookie2 HTTP request header used to advise the server that the user agent understands "new-style" cookies, but nowadays user agents will use the Cookie header instead, not this one.
111 Cross-Origin-Embedder-Policy HTTP, HTTP Header, Reference, Response Header, header
The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).
112 Cross-Origin-Opener-Policy HTTP, HTTP Header, Reference, Response Header, header
The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.
113 Cross-Origin-Resource-Policy HTTP, HTTP Header, Reference, Response Header, header
The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
114 Date HTTP, HTTP Header, Reference, Request header, Response header
The Date general HTTP header contains the date and time at which the message was originated.
115 Device-Memory Client hints, Device Memory API, Device-Memory, Experimental, HTTP, HTTP Header, Request header
The Device-Memory Client hints request header field indicates the approximate amount of available RAM on the client device. The header is part of the Device Memory API.
116 Digest Digest, HTTP, HTTP Header
The Digest response HTTP header provides a digest of the selected representation of the requested resource.
117 DNT DNT, HTTP, Reference, header
The DNT (Do Not Track) request header indicates the user's tracking preference. It lets users indicate whether they would prefer privacy rather than personalized content.
118 Downlink Client hints, Client hints, Downlink, Experimental, HTTP, HTTP Header, Request header
The Downlink Client hints request header field provides the approximate bandwidth of the client's connection to the server, in Mbps.
119 DPR Client hints, DPR, Deprecated, Exerimental, HTTP, HTTP Header, Non-standard, Request header
The DPR device client hint request header provides the client device pixel ratio. This ratio is the number of physical device pixels corresponding to every CSS pixel.
120 Early-Data Client hints, Early-Data, Experimental, HTTP, HTTP Header, Reference, Request header
The Early-Data header is set by an intermediary to indicate that the request has been conveyed in TLS early data, and also indicates that the intermediary understands the 425 status code.
121 ECT Client hints, Client hints, Experimental, HTTP, HTTP Header, Request header, ect
The ECT Client hints request header field indicates the effective connection type: slow-2g, 2g, 3g, 4g.
122 ETag HTTP, Reference, Response, header
The ETag (or entity tag) HTTP response header is an identifier for a specific version of a resource. It lets caches be more efficient and save bandwidth, as a web server does not need to resend a full response if the content was not changed. Additionally, etags help to prevent simultaneous updates of a resource from overwriting each other ("mid-air collisions").
123 Expect-CT HTTP, Reference, header
The Expect-CT header lets sites opt in to reporting and/or enforcement of Certificate Transparency requirements, to prevent the use of misissued certificates for that site from going unnoticed.
124 Expect HTTP, HTTP Header, Reference, Request header
The Expect HTTP request header indicates expectations that need to be met by the server to handle the request successfully.
125 Expires Caching, HTTP, Response, header
The Expires HTTP header contains the date/time after which the response is considered expired.
126 Feature-Policy Authorization, Experimental, Feature-Policy, HTTP, Permissions, Reference, Security, Web, header
The HTTP Feature-Policy header provides a mechanism to allow and deny the use of browser features in its own frame, and in content within any iframe elements in the document.
127 Feature-Policy: accelerometer Accelerometer, Directive, Experimental, Feature Policy, HTTP, Reference
The HTTP Feature-Policy header accelerometer directive controls whether the current document is allowed to gather information about the acceleration of the device through the Accelerometer interface.
128 Feature-Policy: ambient-light-sensor Ambient Light Sensor, Experimental, Feature Policy, HTTP
The HTTP Feature-Policy header ambient-light-sensor directive controls whether the current document is allowed to gather information about the amount of light in the environment around the device through the AmbientLightSensor interface.
129 Feature-Policy: autoplay Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Reference, autoplay
The HTTP Feature-Policy header autoplay directive controls whether the current document is allowed to autoplay media requested through the HTMLMediaElement interface. When this policy is enabled and there were no user gestures, the Promise returned by HTMLMediaElement.play() will reject with a DOMException. The autoplay attribute on audio and video elements will be ignored.
130 Feature-Policy: battery Battery, Experimental, Feature Policy, HTTP
The HTTP Feature-Policy header battery directive controls whether the current document is allowed to gather information about the battery of the device through the BatteryManager interface obtained via Navigator.getBattery.
131 Feature-Policy: camera Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Reference, camera
The HTTP Feature-Policy header camera directive controls whether the current document is allowed to use video input devices. When this policy is enabled, the Promise returned by MediaDevices.getUserMedia() will reject with a NotAllowedError DOMException.
132 Feature-Policy: display-capture Directive, Experimental, Feature Policy, HTTP, Reference, display-capture
The HTTP Feature-Policy header display-capture directive controls whether or not the document is permitted to use the Screen Capture API, that is, MediaDevices.getDisplayMedia, to capture the screen's contents.
133 Feature-Policy: document-domain Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Header, Reference, document-domain
The HTTP Feature-Policy header document-domain directive controls whether the current document is allowed to set document.domain. When this policy is disabled, attempting to set document.domain will fail and cause a SecurityError DOMException to be thrown.
134 Feature-Policy: encrypted-media Directive, EME, Experimental, Feature Policy, Feature-Policy, HTTP, Reference
The HTTP Feature-Policy header encrypted-media directive controls whether the current document is allowed to use the Encrypted Media Extensions API (EME). When this policy is enabled, the Promise returned by Navigator.requestMediaKeySystemAccess will reject with a DOMException.
135 Feature-Policy: fullscreen Experimental, Feature Policy, Feature-Policy, HTTP, fullscreen, header
The HTTP Feature-Policy header fullscreen directive controls whether the current document is allowed to use Element.requestFullScreen(). When this policy is enabled, the returned Promise rejects with a TypeError.
136 Feature-Policy: gamepad Experimental, Feature Policy, Gamepad, HTTP, header
The HTTP Feature-Policy header gamepad directive controls whether the current document is allowed to use the Gamepad API. When this policy is disabled, calls to Navigator.getGamepads() will throw a SecurityError DOMException. In addition, the gamepadconnected and gamepaddisconnected events will not fire.
137 Feature-Policy: geolocation Experimental, Feature Policy, Geolocation, HTTP, header
The HTTP Feature-Policy header geolocation directive controls whether the current document is allowed to use the Geolocation Interface. When this policy is enabled, calls to Geolocation.getCurrentPosition and Geolocation.watchPosition will cause those functions' callbacks to be invoked with a GeolocationPositionError code of PERMISSION_DENIED.
138 Feature-Policy: gyroscope Experimental, Feature Policy, HTTP, gyroscope, header
The HTTP Feature-Policy header gyroscope directive controls whether the current document is allowed to gather information about the orientation of the device through the Gyroscope interface.
139 Feature-Policy: layout-animations Directive, Experimental, Feature-Policy, HTTP, Non-standard, Reference, layout-animations
The HTTP Feature-Policy header layout-animations directive controls whether the current document is allowed to show layout animations.
140 Feature-Policy: legacy-image-formats Direcive, Experimental, Feature-Policy, HTTP, Non-standard, Reference, legacy-image-formats
The HTTP Feature-Policy header legacy-image-formats directive controls whether the current document is allowed to display images in legacy formats.
141 Feature-Policy: magnetometer Directive, Experimental, Feature-Policy, HTTP, Magnetometer, Reference
The HTTP Feature-Policy header magnetometer directive controls whether the current document is allowed to gather information about the orientation of the device through the Magnetometer interface.
142 Feature-Policy: microphone Experimental, Feature Policy, Feature-Policy, HTTP, header, microphone
The HTTP Feature-Policy header microphone directive controls whether the current document is allowed to use audio input devices. When this policy is enabled, the Promise returned by MediaDevices.getUserMedia() will reject with a NotAllowedError.
143 Feature-Policy: midi Directive, Experimental, Feature Policy, Feature-Policy, HTTP, MIDI, Reference
The HTTP Feature-Policy header midi directive controls whether the current document is allowed to use the Web MIDI API. When this policy is enabled, the Promise returned by Navigator.requestMIDIAccess() will reject with a DOMException.
144 Feature-Policy: oversized-images Directive, Experimental, Feature-Policy, HTTP, Non-standard, Reference
The HTTP Feature-Policy header oversized-images directive controls whether the current document is allowed to download and display large images.
145 Feature-Policy: payment Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Payment Request API, Payments API, Reference
The HTTP Feature-Policy header field's payment directive controls whether the current document is allowed to use the Payment Request API. When this policy is disabled, the PaymentRequest() constructor will throw a SyntaxError.
146 Feature-Policy: picture-in-picture Directive, Experimental, Feature-Policy, HTTP, Picture in picture, Reference
The HTTP Feature-Policy header picture-in-picture directive controls whether the current document is allowed to play a video in a Picture-in-Picture mode via the corresponding API.
147 Feature-Policy: publickey-credentials-get Directive, Experimental, Feature-Policy, HTTP, Reference, publickey-credentials-get
The HTTP Feature-Policy header publickey-credentials-get directive controls whether the current document is allowed to access the Web Authentication API to retrieve public-key credentials, i.e., via CredentialsContainer.get.
148 Feature-Policy: screen-wake-lock Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Reference, screen-wake-lock
The HTTP Feature-Policy header screen-wake-lock directive controls whether the current document is allowed to use the Screen Wake Lock API to indicate that the device should not dim or turn off the screen.
149 Feature-Policy: speaker-selection Experimental, Feature Policy, Feature-Policy, HTTP, header, microphone
The HTTP Feature-Policy header speaker-selection directive controls whether the current document is allowed to enumerate and select audio output devices (speakers, headphones, etc.).
150 Feature-Policy: sync-xhr Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Reference, XMLHttpRequest
The HTTP Feature-Policy header sync-xhr directive controls whether the current document is allowed to make synchronous XMLHttpRequest requests.
151 Feature-Policy: unoptimized-images Directive, Experimental, Feature-Policy, HTTP, Image, Non-standard, Reference
The HTTP Feature-Policy header unoptimized-images directive controls whether the current document is allowed to download and display unoptimized images.
152 Feature-Policy: unsized-media Directive, Experimental, Feature-Policy, HTTP, Non-standard, Reference
The HTTP Feature-Policy header unsized-media directive controls whether the current document is allowed to change the size of media elements after the initial layout is complete.
153 Feature-Policy: usb Directive, Experimental, Feature-Policy, HTTP, Reference, Vibration API, Web USB
The HTTP Feature-Policy header usb directive controls whether the current document is allowed to use the WebUSB API.
154 Feature-Policy: vibrate Deprecated, Directive, Experimental, Feature-Policy, HTTP, Non-standard, Reference, Vibration API
The HTTP Feature-Policy header vibrate directive controls whether the current document is allowed to trigger device vibrations via the Navigator.vibrate method of the Vibration API.
155 Feature-Policy: vr Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Reference, WebVR
The HTTP Feature-Policy header vr directive controls whether the current document is allowed to use the WebVR API. When this policy is enabled, the Promise returned by Navigator.getVRDisplays will reject with a DOMException.
156 web-share Experimental, Feature-Policy, HTTP, Web Share
The HTTP Feature-Policy header web-share directive controls whether the current document is allowed to use the Navigator.share method of the Web Share API to share text, links, images, and other content to arbitrary destinations of the user's choice.
157 Feature-Policy: xr-spatial-tracking Directive, Experimental, Feature Policy, Feature-Policy, HTTP, Reference, xr-spatial-tracking
The HTTP Feature-Policy header xr-spatial-tracking directive controls whether the current document is allowed to use the WebXR Device API. This policy controls whether XRSystem/requestSession can return an XRSession that requires spatial tracking and whether the user agent can indicate support for sessions supporting spatial tracking via XRSystem/isSessionSupported and the devicechange event on the Navigator.xr object.
158 Feature-Policy: xr Deprecated, Experimental
This Feature Policy directive was at one point defined as xr (but implemented in Chrome as Feature-Policy/vr); use Feature-Policy/xr-spatial-tracking instead.
159 Forwarded HTTP, HTTP Header, Reference, Request header, header
The Forwarded header contains information from the reverse proxy servers that is altered or lost when a proxy is involved in the path of the request.
160 From HTTP, Reference, header
The From request header contains an Internet email address for a human user who controls the requesting user agent.
161 Host HTTP, Reference, header
The Host request header specifies the host and port number of the server to which the request is being sent.
162 If-Match Conditional Requests, HTTP, HTTP Header, Reference, Request header
The If-Match HTTP request header makes the request conditional. For GET and HEAD methods, the server will return the requested resource only if it matches one of the listed ETags. For PUT and other non-safe methods, it will only upload the resource in this case.
163 If-Modified-Since Conditional Requests, HTTP, HTTP Header, Reference, Request header
The If-Modified-Since request HTTP header makes the request conditional: the server sends back the requested resource, with a 200 status, only if it has been last modified after the given date. If the resource has not been modified since, the response is a 304 without any body; the Last-Modified response header of a previous request contains the date of last modification. Unlike If-Unmodified-Since, If-Modified-Since can only be used with a GET or HEAD.
164 If-None-Match Conditional Requests, HTTP, HTTP Header, Reference, Request header
The If-None-Match HTTP request header makes the request conditional. For GET and HEAD methods, the server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. For other methods, the request will be processed only if the eventually existing resource's ETag doesn't match any of the values listed.
165 If-Range Condtional Requests, HTTP, HTTP Header, Range Requests, Reference, Request header
The If-Range HTTP request header makes a range request conditional: if the condition is fulfilled, the range request is issued, and the server sends back a 206 Partial Content answer with the appropriate body. If the condition is not fulfilled, the full resource is sent back with a 200 OK status.
166 If-Unmodified-Since HTTP, HTTP Header, Reference, Request header
The HyperText Transfer Protocol (HTTP) If-Unmodified-Since request header makes the request for the resource conditional: the server will send the requested resource, or accept it in the case of a POST or another non-safe method, only if the resource has not been modified after the date specified by this HTTP header. If the resource has been modified after the specified date, the response will be a 412 Precondition Failed error.
167 Keep-Alive HTTP, HTTP Header, Reference, Request header, Response header
The Keep-Alive general header allows the sender to hint about how the connection may be used to set a timeout and a maximum number of requests.
168 Large-Allocation HTTP, HTTP Header, Non-standard, Reference, Response Header, header
The non-standard Large-Allocation response header tells the browser that the page being loaded is going to want to perform a large allocation. It is currently only implemented in Firefox, but is harmless to send to every browser.
169 Last-Modified HTTP, HTTP Header, Reference, Response Header
The Last-Modified response HTTP header contains a date and time when the origin server believes the resource was last modified. It is used as a validator to determine if the resource is the same as the previously stored one. Less accurate than an ETag header, it is a fallback mechanism. Conditional requests containing If-Modified-Since or If-Unmodified-Since headers make use of this field.
170 Link Draft, HTTP, HTTP Header, Link, NeedsCompatTable, NeedsContent, NeedsSyntax, Reference
The HTTP Link entity-header field provides a means for serialising one or more links in HTTP headers. It is semantically equivalent to the HTML link element.
171 Location HTTP, HTTP Header, Reference, Response Header
The Location response header indicates the URL to redirect a page to. It only provides a meaning when served with a 3xx (redirection) or 201 (created) status response.
172 NEL HTTP, HTTP Header, Network Error Logging, Reference, Response Header, header
The HTTP NEL response header is used to configure network request logging.
173 Origin HTTP, Reference, Request header, header, origin
The Origin HyperText Transfer Protocol (HTTP) request header indicates the origin of the request. This header does not include any path information. It is similar to the Referer header, but unlike that header, the Origin header does not disclose the whole path.
174 Pragma Caching, Deprecated, HTTP, HTTP Header, Request header, Response header
The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. This header serves for backwards compatibility with the HTTP/1.0 caches that do not have a Cache-Control HTTP/1.1 header.
175 Proxy-Authenticate HTTP, HTTP Header, Proxy, Reference, Response Header
The HTTP Proxy-Authenticate response header defines the authentication method that should be used to gain access to a resource behind a proxy server. It authenticates the request to the proxy server, allowing it to transmit the request further.
176 Proxy-Authorization HTTP, HTTP Header, Reference, Request header, header
The HTTP Proxy-Authorization request header contains the credentials to authenticate a user agent to a proxy server, usually after the server has responded with a 407 Proxy Authentication Required status and the Proxy-Authenticate header.
177 Public-Key-Pins-Report-Only Deprecated, Deprecated, HPKP, HTTP, Security, header
The HTTP Public-Key-Pins-Report-Only response header was used to send reports of pinning violations to the report-uri specified in the header but, unlike Public-Key-Pins, still allows browsers to connect to the server if the pinning is violated. The header is silently ignored in modern browsers as support for HPKP has been removed. Use Certificate Transparency and the Expect-CT header instead.
178 Public-Key-Pins Deprecated, Deprecated, HPKP, HTTP, Reference, Security, header
The HTTP Public-Key-Pins response header used to associate a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. However, it has been removed from modern browsers and is no longer supported. Use Certificate Transparency and the Expect-CT header instead.
179 Range HTTP, HTTP Header, Range Requests, Reference, Request header
The Range HTTP request header indicates the part of a document that the server should return. Several parts can be requested with one Range header at once, and the server may send back these ranges in a multipart document. If the server sends back ranges, it uses the 206 status for the response. If the ranges are invalid, the server returns the 416 error. The server can also ignore the Range header and return the whole document with a 200 status code.
180 Referer HTTP, Reference, header, referer, referrer
The Referer HTTP request header contains an absolute or partial address of the page that makes the request. The Referer header allows a server to identify a page where people are visiting it from. This data can be used for analytics, logging, optimized caching, and more.
181 Referrer-Policy HTTP, HTTP Header, Privacy, Reference, Referrer-Policy, Response, Response Header, referrer
The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML.
182 Retry-After HTTP, Reference, Response, Response Header, header
The Retry-After response HTTP header indicates how long the user agent should wait before making a follow-up request. There are three main cases this header is used:
183 RTT Client hints, Client hints, Experimental, HTTP, HTTP Header, RTT, Request header
The RTT Client hints request header field provides the approximate round trip time on the application layer, in milliseconds. The RTT hint, unlike transport layer RTT, includes server processing time.
184 Save-Data Client hints, HTTP, HTTP Header, Reference, Request header, Save-Data
The Save-Data Client hints request header field is a boolean which indicates the client's preference for reduced data usage. This could be for reasons such as high transfer costs, slow connection speeds, etc.
185 Sec-Fetch-Dest Fetch Metadata Request Headers, HTTP, HTTP Headers, Reference, Request header, Sec-Fetch-Dest
The Sec-Fetch-Dest Fetch metadata request header indicates the request's destination. That is the initiator of the original fetch request, which is where (and how) the fetched data will be used.
186 Sec-Fetch-Mode Fetch Metadata Request Headers, HTTP, HTTP Header, Reference, Request header, Sec-Fetch-Mode
The Sec-Fetch-Mode Fetch metadata request header indicates the mode of the request.
187 Sec-Fetch-Site Fetch Metadata Request Headers, HTTP, HTTP Header, Reference, Request header, Sec-Fetch-Site
The Sec-Fetch-Site Fetch metadata request header indicates the relationship between a request initiator's origin and the origin of the requested resource.
188 Sec-Fetch-User Fetch metadate request headers, HTTP, HTTP Header, Reference, Request header, Sec-Fetch-User
The Sec-Fetch-User Fetch metadata request header is only sent for requests initiated by user activation, and its value will always be ?1.
189 Sec-WebSocket-Accept Draft, HTTP, NeedsCompatTable, NeedsContent, Reference, Sec-WebSocket-Accept, WebSockets, header
The Sec-WebSocket-Accept header is used in the WebSocket opening handshake. It appears in the response headers. That is, this header is sent from server to client to inform the client that the server is willing to initiate a WebSocket connection.
190 Server-Timing HTTP, Performance, Reference, header
The Server-Timing header communicates one or more metrics and descriptions for a given request-response cycle. It is used to surface any backend server timing metrics (e.g. database read/write, CPU time, file system access, etc.) in the developer tools in the user's browser or in the PerformanceServerTiming interface.
191 Server HTTP, Reference, header
The Server header describes the software used by the origin server that handled the request — that is, the server that generated the response.
192 Set-Cookie Cookies, HTTP, Reference, Response, header, samesite
The Set-Cookie HTTP response header is used to send a cookie from the server to the user agent, so that the user agent can send it back to the server later. To send multiple cookies, multiple Set-Cookie headers should be sent in the same response.
193 SameSite cookies Cookies, HTTP, Reference, samesite
The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.
194 Set-Cookie2 Cookies, Deprecated, HTTP, Reference, header
The obsolete Set-Cookie2 HTTP response header used to send cookies from the server to the user agent, but has been deprecated by the specification. Use Set-Cookie instead.
195 SourceMap HTTP, HTTP Header, Reference, Response Header, header
The SourceMap HTTP response header links generated code to a source map, enabling the browser to reconstruct the original source and present the reconstructed original in the debugger.
196 Strict-Transport-Security HSTS, HTTP, HTTPS, Security, header
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.
197 TE HTTP, Reference, header
The TE request header specifies the transfer encodings the user agent is willing to accept. (You could informally call it Accept-Transfer-Encoding, which would be more intuitive.)
198 Timing-Allow-Origin CORS, HTTP, Reference, Timing-Allow-Origin, header
The Timing-Allow-Origin response header specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
199 Tk DNT, HTTP, Reference, Response, header, tracking
The Tk response header indicates the tracking status that applied to the corresponding request.
200 Trailer HTTP, HTTP Header, Payload header, Request header, Response header
The Trailer response header allows the sender to include additional fields at the end of chunked messages in order to supply metadata that might be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing status.
201 Transfer-Encoding HTTP, HTTP Header, Payload header, Reference, Request header, Response header
The Transfer-Encoding header specifies the form of encoding used to safely transfer the Payload body to the user.
202 Upgrade-Insecure-Requests HTTP, HTTPS, Security, header
The HTTP Upgrade-Insecure-Requests request header sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests CSP directive.
203 Upgrade HTTP, HTTP Header, Request header, Response header, Upgrade
The HTTP 1.1 (only) Upgrade header can be used to upgrade an already established client/server connection to a different protocol (over the same transport protocol). For example, it can be used by a client to upgrade a connection from HTTP 1.1 to HTTP 2.0, or an HTTP or HTTPS connection into a WebSocket.
204 User-Agent HTTP, HTTP Header, Reference, User-agent
The User-Agent request header is a characteristic string that lets servers and network peers identify the application, operating system, vendor, and/or version of the requesting user agent.
205 Firefox user agent string reference Compatibility, Firefox, Firefox 4, Gecko, Gecko 2.0, Guide
This document describes the user agent string used in Firefox 4 and later and applications based on Gecko 2.0 and later. For a breakdown of changes to the string in Gecko 2.0, see Final User Agent string for Firefox 4 (blog post). See also this document on user agent sniffing and this Hacks blog post.
206 Vary HTTP, Reference, Response, Response Header, header
The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.
207 Via HTTP, HTTP Header, Reference, Request header, Response header
The Via general header is added by proxies, both forward and reverse, and can appear in the request or response headers. It is used for tracking message forwards, avoiding request loops, and identifying the protocol capabilities of senders along the request/response chain.
208 Viewport-Width Client hints, Deprecated, Experimental, HTTP, HTTP Header, Non-standard, Request header, Viewport-Width
The Viewport-Width device client hint request header provides the client's layout viewport width in CSS pixels. The value is rounded up to the smallest following integer (i.e. ceiling value).
209 Want-Digest HTTP, HTTP Header, Request header, Response header
The Want-Digest HTTP header is primarily used in an HTTP request, to ask the server to provide a digest of the requested resource using the Digest response header.
210 Warning HTTP, HTTP Header, Reference, Request header, Response header
The Warning HTTP header contains information about possible problems with the status of the message. More than one Warning header may appear in a response.
211 Width Client hints, Deprecated, Device Memory API, Experimental, HTTP, HTTP Header, Request header, Width
The Width Client hints request header field indicates the desired resource width in physical pixels — the intrinsic size of an image. The provided pixel value is a number rounded to the smallest following integer (i.e. ceiling value).
212 WWW-Authenticate Authentication, HTTP, HTTP Header, Header, Reference, Response Header, WWW-Authenticate
The HTTP WWW-Authenticate response header defines the HTTP authentication methods ("challenges") that might be used to gain access to a specific resource.
213 X-Content-Type-Options HTTP, HTTP Header, Reference, Response Header
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.
214 X-DNS-Prefetch-Control DNS, HTTP, X-DNS-Prefetch-Control, header
The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.
215 X-Forwarded-For HTTP, HTTP Header, Non-standard, Reference, Request header, header
The X-Forwarded-For (XFF) header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When traffic is intercepted between clients and servers, server access logs contain the IP address of the proxy or load balancer only. To see the original IP address of the client, the X-Forwarded-For request header is used.
216 X-Forwarded-Host HTTP, HTTP Header, Non-standard, Reference, Request header, header
The X-Forwarded-Host (XFH) header is a de-facto standard header for identifying the original host requested by the client in the Host HTTP request header.
217 X-Forwarded-Proto HTTP, HTTP Header, Non-standard, Reference, Request header, header
The X-Forwarded-Proto (XFP) header is a de-facto standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer. Your server access logs contain the protocol used between the server and the load balancer, but not the protocol used between the client and the load balancer. To determine the protocol used between the client and the load balancer, the X-Forwarded-Proto request header can be used.
218 X-Frame-Options Gecko, HAProxy, HTTP, Response Header, Security, nginx
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame, iframe, embed or object. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
219 X-XSS-Protection HTTP, Reference, Security, XSS, header
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although these protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript ('unsafe-inline'), they can still provide protections for users of older web browsers that don't yet support CSP.
220 Link prefetching FAQ Gecko, HTML, HTTP, Link, Necko, Performance, Prefetch, Web Development
Link prefetching is a browser mechanism that uses browser idle time to download or prefetch documents that the user might visit in the near future. A web page provides a set of prefetching hints to the browser, and after the browser is finished loading the page, it begins silently prefetching specified documents and stores them in its cache. When the user visits one of the prefetched documents, it can be served up quickly out of the browser's cache.
221 HTTP Messages Guide, HTTP, WebMechanics
HTTP messages are how data is exchanged between a server and a client. There are two types of messages: requests sent by the client to trigger an action on the server, and responses, the answer from the server.
222 HTTP request methods HTTP, Methods, Reference
HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Although they can also be nouns, these request methods are sometimes referred to as HTTP verbs. Each of them implements a different semantic, but some common features are shared by a group of them: e.g. a request method can be safe, idempotent, or cacheable.
223 CONNECT HTTP, Reference, Request method
The HTTP CONNECT method starts two-way communications with the requested resource. It can be used to open a tunnel.
224 DELETE HTTP, Reference, Request method
The HTTP DELETE request method deletes the specified resource.
225 GET HTTP, Reference, Request method
The HTTP GET method requests a representation of the specified resource. Requests using GET should only be used to request data (they shouldn't include data).
226 HEAD HTTP, Reference, Request method
The HTTP HEAD method requests the headers that would be returned if the HEAD request's URL was instead requested with the HTTP GET method. For example, if a URL might produce a large download, a HEAD request could read its Content-Length header to check the filesize without actually downloading the file.
227 OPTIONS HTTP, Reference, Request method
The HTTP OPTIONS method requests permitted communication options for a given URL or server. A client can specify a URL with this method, or an asterisk (*) to refer to the entire server.
228 PATCH HTTP, Reference, Request method
The HTTP PATCH request method applies partial modifications to a resource.
229 POST HTTP, Reference, Request method
The HTTP POST method sends data to the server. The type of the body of the request is indicated by the Content-Type header.
230 PUT HTTP, Reference, Request method
The HTTP PUT request method creates a new resource or replaces a representation of the target resource with the request payload.
231 TRACE HTTP, Reference, Request method
The HTTP TRACE method performs a message loop-back test along the path to the target resource, providing a useful debugging mechanism.
232 Network Error Logging Guide, HTTP, Network Error Logging, Reference
Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers.
233 An overview of HTTP HTML, HTTP, Overview, WebMechanics, l10n:priority
HTTP is a protocol for fetching resources such as HTML documents. It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser. A complete document is reconstructed from the different sub-documents fetched, for instance, text, layout description, images, videos, scripts, and more.
234 Protocol upgrade mechanism Guide, HTTP, HTTP/2, Networking, Protocols, Upgrade, WebSocket, WebSockets
The HTTP/1.1 protocol provides a special mechanism that can be used to upgrade an already established connection to a different protocol, using the Upgrade header field.
235 Proxy servers and tunneling HTTP, HTTP Tunneling, Proxies, Proxy
When navigating through different networks of the Internet, proxy servers and HTTP tunnels facilitate access to content on the World Wide Web. A proxy can be on the user's local computer, or anywhere between the user's computer and a destination server on the Internet. This page outlines some basics about proxies and introduces a few configuration options.
236 Proxy Auto-Configuration (PAC) file Necko, Networking, PAC, Proxy
A Proxy Auto-Configuration (PAC) file is a JavaScript function that determines whether web browser requests (HTTP, HTTPS, and FTP) go directly to the destination or are forwarded to a web proxy server. The JavaScript function contained in the PAC file defines the function:
237 HTTP Public Key Pinning (HPKP) Deprecated, Guide, HPKP, HTTP, Security
HTTP Public Key Pinning (HPKP) was a security feature that used to tell a web client to associate a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. It has been removed in modern browsers and is no longer supported.
238 HTTP range requests Guide, HTTP, HTTP range requests
HTTP range requests allow sending only a portion of an HTTP message from a server to a client. Partial requests are useful for large media or downloading files with pause and resume functions, for example.
239 Redirections in HTTP Guide, HTTP, redirects
URL redirection, also known as URL forwarding, is a technique to give more than one URL address to a page, a form, or a whole Web site/application. HTTP has a special kind of response, called an HTTP redirect, for this operation.
240 HTTP resources and specifications Guide, HTTP
HTTP was first specified in the early 1990s. Designed with extensibility in mind, it has seen numerous additions over the years; this led to its specification being scattered through numerous specification documents (in the midst of experimental abandoned extensions). This page lists relevant resources about HTTP.
241 Resources and URIs HTTP, MIME, MIME Type, Overview, Type, URI, URIs, URL, resources
HTTP allows a browser, or another user agent, to communicate with different resources on the Internet: to do this the browser needs both the identity and the location of the resources. These two bits of information are described by a URI.
242 A typical HTTP session HTTP
In client-server protocols, like HTTP, sessions consist of three phases:
243 HTTP response status codes HTTP, Landing, Overview, Reference, Status code, Web
HTTP response status codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes:
244 100 Continue HTTP, Informational, Status code
The HTTP 100 Continue informational status response code indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.
245 101 Switching Protocols HTTP, HTTP Status Code, Informational, Reference, WebSockets
The HTTP 101 Switching Protocols response code indicates the protocol the server is switching to as requested by a client which sent the message including the Upgrade request header.
246 103 Early Hints Draft, HTTP, Informational, NeedsCompatTable, NeedsContent, Status code
The HTTP 103 Early Hints information response status code is primarily intended to be used with the Link header to allow the user agent to start preloading resources while the server is still preparing a response.
247 200 OK HTTP, Status code, Success
The HTTP 200 OK success status response code indicates that the request has succeeded. A 200 response is cacheable by default.
248 201 Created HTTP, Reference, Status code, Success
The HTTP 201 Created success status response code indicates that the request has succeeded and has led to the creation of a resource. The new resource is effectively created before this response is sent back and the new resource is returned in the body of the message, its location being either the URL of the request, or the content of the Location header.
249 202 Accepted HTTP, Reference, Status code, Success response
The HyperText Transfer Protocol (HTTP) 202 Accepted response status code indicates that the request has been accepted for processing, but the processing has not been completed; in fact, processing may not have started yet. The request might or might not eventually be acted upon, as it might be disallowed when processing actually takes place.
250 203 Non-Authoritative Information HTTP, HTTP Status Code, Reference, Status code, Successful response
The HTTP 203 Non-Authoritative Information response status indicates that the request was successful but the enclosed payload has been modified by a transforming proxy server from that of the origin server's 200 (OK) response.
251 204 No Content HTTP, Reference, Status code, Success
The HTTP 204 No Content success status response code indicates that a request has succeeded, but that the client doesn't need to navigate away from its current page.
252 205 Reset Content HTTP, HTTP Status Code, Reference, Status code
The HTTP 205 Reset Content response status tells the client to reset the document view, so for example to clear the content of a form, reset a canvas state, or to refresh the UI.
253 206 Partial Content HTTP, HTTP Status, Range Requests, Success
The HTTP 206 Partial Content success status response code indicates that the request has succeeded and the body contains the requested ranges of data, as described in the Range header of the request.
254 300 Multiple Choices HTTP, HTTP Status Code, Reference, Status code
The HTTP 300 Multiple Choices redirect status response code indicates that the request has more than one possible response. The user-agent or the user should choose one of them. As there is no standardized way of choosing one of the responses, this response code is very rarely used.
255 301 Moved Permanently HTTP, Redirect, Reference, Status code
The HyperText Transfer Protocol (HTTP) 301 Moved Permanently redirect status response code indicates that the resource requested has been definitively moved to the URL given by the Location header. A browser redirects to this page and search engines update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is sent to the new URL).
256 302 Found HTTP, HTTP Status Code, Reference, redirects
The HyperText Transfer Protocol (HTTP) 302 Found redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the Location header. A browser redirects to this page but search engines don't update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is not sent to the new URL).
257 303 See Other HTTP, HTTP Status Code, Reference, redirects
The HyperText Transfer Protocol (HTTP) 303 See Other redirect status response code indicates that the redirects don't link to the newly uploaded resources, but to another page (such as a confirmation page or an upload progress page). This response code is usually sent back as a result of PUT or POST. The method used to display this redirected page is always GET.
258 304 Not Modified HTTP, Redirection, Reference, Status code
The HTTP 304 Not Modified client redirection response code indicates that there is no need to retransmit the requested resources. It is an implicit redirection to a cached resource. This happens when the request method is safe, like a GET or a HEAD request, or when the request is conditional and uses an If-None-Match or an If-Modified-Since header.
259 307 Temporary Redirect HTTP, HTTP Status Code, Reference, redirects
The HTTP 307 Temporary Redirect redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the Location header.
260 308 Permanent Redirect HTTP, HTTP Status Code, Reference, redirects
The HyperText Transfer Protocol (HTTP) 308 Permanent Redirect redirect status response code indicates that the resource requested has been definitively moved to the URL given by the Location header. A browser redirects to this page and search engines update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is sent to the new URL).
261 400 Bad Request Client error, HTTP, HTTP Status Code, Reference, Status code
The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
262 401 Unauthorized Client error, HTTP, Reference, Status code
The HyperText Transfer Protocol (HTTP) 401 Unauthorized client error status response code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.
263 402 Payment Required Browser, Client error, HTTP, Status code
The HTTP 402 Payment Required is a nonstandard client error status response code that is reserved for future use.
264 403 Forbidden Client error, HTTP, Reference, Status code
The HTTP 403 Forbidden client error status response code indicates that the server understands the request but refuses to authorize it.
265 404 Not Found Browser, Client error, HTTP, Status code
The HTTP 404 Not Found client error response code indicates that the server can't find the requested resource. Links that lead to a 404 page are often called broken or dead links and can be subject to link rot.
266 405 Method Not Allowed Client error, HTTP, HTTP Status Code, Reference, Status code
The HyperText Transfer Protocol (HTTP) 405 Method Not Allowed response status code indicates that the request method is known by the server but is not supported by the target resource.
267 406 Not Acceptable HTTP, Reference, Status code
The HyperText Transfer Protocol (HTTP) 406 Not Acceptable client error response code indicates that the server cannot produce a response matching the list of acceptable values defined in the request's proactive content negotiation headers, and that the server is unwilling to supply a default representation.
268 407 Proxy Authentication Required Client error, HTTP, Reference, Status code
The HTTP 407 Proxy Authentication Required client error status response code indicates that the request has not been applied because it lacks valid authentication credentials for a proxy server that is between the browser and the server that can access the requested resource.
269 408 Request Timeout Client error, HTTP, HTTP Status Code, Reference, Status code
The HyperText Transfer Protocol (HTTP) 408 Request Timeout response status code means that the server would like to shut down this unused connection. It is sent on an idle connection by some servers, even without any previous request by the client.
270 409 Conflict Client error, HTTP, HTTP Status Code, Reference
The HTTP 409 Conflict response status code indicates a request conflict with the current state of the target resource.
271 410 Gone Client error, HTTP, Reference, Status code
The HyperText Transfer Protocol (HTTP) 410 Gone client error response code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent.
272 411 Length Required Client error, HTTP, HTTP Status Code, Reference, Status code
The HyperText Transfer Protocol (HTTP) 411 Length Required client error response code indicates that the server refuses to accept the request without a defined Content-Length header.
273 412 Precondition Failed Error, HTTP, Reference, Status code
The HyperText Transfer Protocol (HTTP) 412 Precondition Failed client error response code indicates that access to the target resource has been denied. This happens with conditional requests on methods other than GET or HEAD when the condition defined by the If-Unmodified-Since or If-None-Match headers is not fulfilled. In that case, the request, usually an upload or a modification of a resource, cannot be made and this error response is sent back.
274 413 Payload Too Large Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 413 Payload Too Large response status code indicates that the request entity is larger than the limits defined by the server; the server might close the connection or return a Retry-After header field.
275 414 URI Too Long Client error, HTTP, Reference, Status code
The HTTP 414 URI Too Long response status code indicates that the URI requested by the client is longer than the server is willing to interpret.
276 415 Unsupported Media Type Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 415 Unsupported Media Type client error response code indicates that the server refuses to accept the request because the payload is in an unsupported format.
277 416 Range Not Satisfiable Client error, HTTP, Status code
The HyperText Transfer Protocol (HTTP) 416 Range Not Satisfiable error response code indicates that a server cannot serve the requested ranges. The most likely reason is that the document doesn't contain such ranges, or that the Range header value, though syntactically correct, doesn't make sense.
278 417 Expectation Failed Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 417 Expectation Failed client error response code indicates that the expectation given in the request's Expect header could not be met.
279 418 I'm a teapot HTTP, HTTP Status Code, Reference
The HTTP 418 I'm a teapot client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea pot that is temporarily out of coffee should instead return 503. This error is a reference to the Hyper Text Coffee Pot Control Protocol defined in April Fools' jokes in 1998 and 2014.
280 422 Unprocessable Entity Client error, HTTP, HTTP Status Code, Reference, Status code, WebDAV
The HyperText Transfer Protocol (HTTP) 422 Unprocessable Entity response status code indicates that the server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.
281 425 Too Early Browser, Client error, HTTP, Status code
The HyperText Transfer Protocol (HTTP) 425 Too Early response status code indicates that the server is unwilling to risk processing a request that might be replayed, which creates the potential for a replay attack.
282 426 Upgrade Required Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 426 Upgrade Required client error response code indicates that the server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.
283 428 Precondition Required Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 428 Precondition Required response status code indicates that the server requires the request to be conditional.
284 429 Too Many Requests Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 429 Too Many Requests response status code indicates the user has sent too many requests in a given amount of time ("rate limiting").
285 431 Request Header Fields Too Large Client error, HTTP, HTTP Status Code, Reference, Status code
The HTTP 431 Request Header Fields Too Large response status code indicates that the server refuses to process the request because the request's HTTP headers are too long. The request may be resubmitted after reducing the size of the request headers.
286 451 Unavailable For Legal Reasons Client error, HTTP, Reference, Status code
The HyperText Transfer Protocol (HTTP) 451 Unavailable For Legal Reasons client error response code indicates that the user requested a resource that is not available due to legal reasons, such as a web page for which a legal action has been issued.
287 500 Internal Server Error HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 500 Internal Server Error server error response code indicates that the server encountered an unexpected condition that prevented it from fulfilling the request.
288 501 Not Implemented HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 501 Not Implemented server error response code means that the server does not support the functionality required to fulfill the request.
289 502 Bad Gateway HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 502 Bad Gateway server error response code indicates that the server, while acting as a gateway or proxy, received an invalid response from the upstream server.
290 503 Service Unavailable 503 error, HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 503 Service Unavailable server error response code indicates that the server is not ready to handle the request.
291 504 Gateway Timeout HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 504 Gateway Timeout server error response code indicates that the server, while acting as a gateway or proxy, did not get a response in time from the upstream server that it needed in order to complete the request.
292 505 HTTP Version Not Supported HTTP, Reference, Server error, Status code
The HyperText Transfer Protocol (HTTP) 505 HTTP Version Not Supported response status code indicates that the HTTP version used in the request is not supported by the server.
293 506 Variant Also Negotiates HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 506 Variant Also Negotiates response status code may be given in the context of Transparent Content Negotiation (see RFC 2295). This protocol enables a client to retrieve the best variant of a given resource, where the server supports multiple variants.
294 507 Insufficient Storage HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 507 Insufficient Storage response status code may be given in the context of the Web Distributed Authoring and Versioning (WebDAV) protocol (see RFC 4918).
295 508 Loop Detected 508, HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 508 Loop Detected response status code may be given in the context of the Web Distributed Authoring and Versioning (WebDAV) protocol.
296 510 Not Extended HTTP, Server error, Status code
The HyperText Transfer Protocol (HTTP) 510 Not Extended response status code is sent in the context of the HTTP Extension Framework, defined in RFC 2774.
297 511 Network Authentication Required HTTP, HTTP Status Code, Reference, Server error, Status code
The HTTP 511 Network Authentication Required response status code indicates that the client needs to authenticate to gain network access.