Headers - Standard HTTP Headers

Accept informs the server about the types of data that can be sent back.

AcceptEncoding is the encoding algorithm, usually a compression algorithm, that can be used on the resource sent back.

AcceptLanguage informs the server about the human language the server is expected to send back.

AcceptRanges indicates if the server supports range requests, and if so in which unit the range can be expressed.

AccessControlAllowCredentials indicates whether the response to the request can be exposed when the credentials flag is true.

AccessControlAllowHeaders used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

AccessControlAllowMethods specifies the methods allowed when accessing the resource in response to a preflight request.

AccessControlAllowOrigin indicates whether the response can be shared.

AccessControlExposeHeaders indicates which headers can be exposed as a part of the resonse by listing their names.

AccessControlMaxAge indicates how long the results of a preflight request can be cached.

AccessControlRequestMethod used when issuing a preflight request to let the server know which HTTP method will bed used when the actual request is made.

Age is the time, in seconds, that the object has been in a proxy cache.

Allow lists the set of HTTP request methods supported by a resource.

Authorization contains the credentials to authenticate a user-agent with a server.

CacheControl directives for caching mechanisms in both requests and responses.

Connection ...

ContentDisposition indicates if the resource transmitted should be displayed inline (default behavior without the header), or if it should be handled like a download and the browser should present a "Save As" Dialog.

ContentEncoding used to specifiy the compression algorithm.

ContentLanguage describes the human language(s) intended for the audience, so that it allows a user to differentiate according to the users' own preferred language.

ContentLength indicates the size of the resource, in decimal number of bytes, both in request and response.

ContentLocation indicates an alternate location for the returned data.

ContentRange indicates where in a full body message a partial message belongs.

ContentSecurityPolicy (CSP) controls resources the user agent is allowed to load for a given page.

ContentSecurityPolicyReportOnly (CSP) controls resources the user agent is allowed to load for a given page.

ContentType indicates the data type, both in request and response.

Cookie contains stored HTTP cookies previously sent by the server with the Set-Cookie header.

CrossOriginEmbedderPolicy (COEP) allows a server to declare an embedder policy for a given document.

CrossOriginEmbederPolicy (COEP) allows a server to declare an embedder policy for a given document.

CrossOriginOpenerPolicy (COOP) prevents other domain from opening/controlling a window.

CrossOriginResourcePolicy (CORP) prevents other domains from reading the response of the resources to which this header is applied.

Date contains the date and time at which the message was originated.

ETag is a unique string identifying the version of the resource.

Expires is the date/time after which the response is considered stale.

Host specifies the domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listenting.

IfMatch makes the request conditional, and applies the method only if the stored resource matches one of the given ETags.

IfModifiedSince makes the request conditional, and expects the resource to be transmitted only if it has been modified after the given date.

IfNoneMatch makes the request conditional, and applies the method only if the stored resource doesn't match any of the given ETags.

IfRange creates a conditional range request that is only fulfilled if the given etag or date matches the remote resource.

LastModified is the last modification date of the resource, used to compare several versions of the same resource.

Link is the Link entity-header field provides a means for serializing one or more links in HTTP headers.

Location indicates the URL to redirect a page to.

Origin indicates where a fetch originates from.

OriginAgentCluster (OAC) allows a site to control which features and APIs can be used in the browser.

PermissionsPolicy allows a site to control which features and APIs can be used in the browser.

Pragma implementation-specific header that may have various effects anywhere along the request-response chain.

ProxyAuthenticate defines the authentication method that should be used to access a resource behind a proxy server.

ProxyAuthorization contains the credentials to authenticate a user agent with a proxy server.

Range indicates the part of a document that the server should return.

Referrer is the address of the previous web page from which a link to the currently requested page was followed.

ReferrerPolicy controls how much referrer information (sent via the Referer header) should be included with requests.

RetryAfter indicates how long the user agent should wait before making a follow-up request.

SecWebSocketAccept ...

SecWebSocketExtensions ...

SecWebSocketKey ...

SecWebSocketProtocol ...

SecWebSocketVersion ...

Server contains information about the software used by the origin server to handle the request.

SetCookie sends cookies from the server to the user-agent.

StrictTransportSecurity (HSTS) forces communication using HTTPS insted of HTTP.

TE specifies the transfer encodings the user agent is willing to accept.

Traceparent contains information about the incoming request in a tracing system.

Trailer allows the sender to include additional fileds at the end of chunked message.

TransferEncoding specifies the form of encoding used to safely transfer the resource to the user.

Upgrade ...

UpgradeInsecureRequests sends a signal to the server expressing the client's preference for an encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests directive.

UserAgent contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent.

Vary determines how to match request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.

Via added by a proxied, both forward and reverse proxies, and can appear in the request headers and the response headers.

WWWAuthenticate defines the authentication method that should be used to access a resource.

XConnectToken is the token to communicate with backend api.

XContentTypeOptions stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type.

XDNSPrefetchControl controls DNS prefetching.

XDownloadOptions specifies whether the browser should be allowed to open a download dialog.

XForwardedFor identifieds the originating IP addresses of a client connecting to a web server through an HTTP proxy or a load balancer.

XForwardedHost identifies the original hostname requested that a client used to connect to your proxy or load balancer.

XForwardedPort identifies the original port requested that a client used to connect to your proxy or load balancer.

XForwardedProto identifies the original protocol (HTTP or HTTPS) requested that a client used to connect to your proxy or load balancer.

XFrameOptions (XFO) indicates whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>.

XPermittedCrossDomainPolicies defines a policy for fetching content from a cross-domain policy file (crossdomain.xml).

XPoweredBy ...

XRateLimitLimit indicates the maximum number of requests you're permitted to make per hour.

XRateLimitRemaining indicates the number of requests remaining in the current rate limit window.

XRateLimitReset indicates the time at which the current rate limit window resets in UTC epoch seconds.

XRealIP added by a proxied, both forward and reverse proxies, and can appear in the request headers and the response headers.

XRequestID ...

XXSSProtection enables cross-site scripting filtering.

Version is the version of this package.