Accept
RequestSpecifies the media types that the client can understand in the response.
Syntax
Accept: <media-type>Example
Accept: application/jsonCommon values
application/jsontext/htmlapplication/xml*/*HTTP reference
Search common HTTP request, response, security, caching and authentication headers.
27 headers
Specifies the media types that the client can understand in the response.
Syntax
Accept: <media-type>Example
Accept: application/jsonCommon values
application/jsontext/htmlapplication/xml*/*Indicates which content encodings the client can decode.
Syntax
Accept-Encoding: <encoding>Example
Accept-Encoding: gzip, brCommon values
gzipbrdeflateidentityIndicates the languages preferred by the client.
Syntax
Accept-Language: <language-tag>Example
Accept-Language: en-US, en;q=0.9Common values
en-USen-GBes-ES*Carries credentials used to authenticate the client with a server.
Syntax
Authorization: <scheme> <credentials>Example
Authorization: Bearer eyJhbGciOi...Common values
Bearer <token>Basic <credentials>Defines caching rules for requests and responses.
Syntax
Cache-Control: <directive>Example
Cache-Control: public, max-age=3600Common values
no-storeno-cachepublicprivatemax-age=3600immutableControls whether the network connection remains open after the current exchange.
Syntax
Connection: <option>Example
Connection: keep-aliveCommon values
keep-alivecloseIndicates whether content should be displayed inline or downloaded as an attachment.
Syntax
Content-Disposition: attachment; filename="<filename>"Example
Content-Disposition: attachment; filename="report.csv"Common values
inlineattachmentSpecifies the encoding applied to the response body.
Syntax
Content-Encoding: <encoding>Example
Content-Encoding: gzipCommon values
gzipbrdeflateReports the size of the message body in bytes.
Syntax
Content-Length: <number>Example
Content-Length: 348Restricts which resources a browser may load and execute for a page.
Syntax
Content-Security-Policy: <policy-directives>Example
Content-Security-Policy: default-src 'self'; img-src 'self' data:Common values
default-srcscript-srcstyle-srcimg-srcconnect-srcframe-ancestorsDescribes the media type and optional character encoding of the message body.
Syntax
Content-Type: <media-type>; charset=<encoding>Example
Content-Type: application/json; charset=utf-8Common values
application/jsontext/htmltext/plainmultipart/form-dataapplication/octet-streamSends cookies previously stored by the browser to the server.
Syntax
Cookie: <name>=<value>; <name>=<value>Example
Cookie: session=abc123; theme=darkProvides an identifier for a specific version of a resource.
Syntax
ETag: "<identifier>"Example
ETag: "686897696a7c876b7e"Identifies the domain and optional port of the target server.
Syntax
Host: <hostname>:<port>Example
Host: api.example.com:443Requests the resource only when it has changed after the supplied date.
Syntax
If-Modified-Since: <http-date>Example
If-Modified-Since: Wed, 15 Jul 2026 10:00:00 GMTRequests the resource only when its current ETag differs from the supplied value.
Syntax
If-None-Match: "<etag>"Example
If-None-Match: "686897696a7c876b7e"Provides the target URL for a redirect or the location of a newly created resource.
Syntax
Location: <url>Example
Location: https://example.com/new-pageIdentifies the origin that initiated a cross-origin request.
Syntax
Origin: <scheme>://<host>:<port>Example
Origin: https://app.example.comContains the address of the page that initiated the current request.
Syntax
Referer: <url>Example
Referer: https://example.com/dashboardCreates or updates one cookie in the client.
Syntax
Set-Cookie: <name>=<value>; <attributes>Example
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=LaxCommon values
SecureHttpOnlySameSite=LaxSameSite=StrictSameSite=NoneMax-AgeExpiresInstructs browsers to access the domain only through HTTPS for a defined period.
Syntax
Strict-Transport-Security: max-age=<seconds>Example
Strict-Transport-Security: max-age=31536000; includeSubDomainsCommon values
max-age=31536000includeSubDomainspreloadIdentifies the client software making the request.
Syntax
User-Agent: <product>Example
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)Lists request headers that affect how a cached response was selected.
Syntax
Vary: <header-name>Example
Vary: Accept-Encoding, OriginCommon values
Accept-EncodingOriginAccept-Language*Describes the authentication method required to access a protected resource.
Syntax
WWW-Authenticate: <scheme> realm="<realm>"Example
WWW-Authenticate: Bearer realm="api"Prevents browsers from guessing a response media type different from Content-Type.
Syntax
X-Content-Type-Options: nosniffExample
X-Content-Type-Options: nosniffCommon values
nosniffIdentifies the originating client IP address when requests pass through proxies.
Syntax
X-Forwarded-For: <client>, <proxy>Example
X-Forwarded-For: 203.0.113.10, 198.51.100.7Controls whether a browser may display the page inside a frame.
Syntax
X-Frame-Options: <directive>Example
X-Frame-Options: DENYCommon values
DENYSAMEORIGIN