HTTP Headers Reference

Complete reference of HTTP headers with descriptions and examples.

Request Headers

| Header | Category | Description | Example |
|---|---|---|---|
| Accept | Content | Media types the client can process | application/json, text/html |
| Accept-Encoding | Content | Encoding algorithms the client supports | gzip, deflate, br |
| Accept-Language | Content | Natural languages the client prefers | en-US,en;q=0.9 |
| Authorization | Auth | Credentials for authenticating the client | Bearer eyJhbGc... |
| Cache-Control | Cache | Directives for caching mechanisms | no-cache, no-store |
| Content-Type | Content | Media type of the request body | application/json |
| Cookie | Auth | HTTP cookies previously sent by the server | session=abc123 |
| Host | Routing | Domain name of the server | api.example.com |
| Origin | Security | Origin of the request (for CORS) | https://example.com |
| Referer | Routing | Address of the previous page | https://example.com/page |
| User-Agent | Client | Information about the client application | Mozilla/5.0... |
| X-API-Key | Auth | API key for authentication | sk_live_abc123 |
| X-Request-ID | Debug | Unique identifier for the request | req-123-456 |

Response Headers

| Header | Category | Description | Example |
|---|---|---|---|
| Access-Control-Allow-Origin | Security | Origins allowed to access the resource (CORS) | * |
| Cache-Control | Cache | Caching directives for the response | max-age=3600, public |
| Content-Encoding | Content | Encoding used on the response body | gzip |
| Content-Length | Content | Size of the response body in bytes | 1234 |
| Content-Type | Content | Media type of the response body | application/json; charset=utf-8 |
| ETag | Cache | Identifier for a specific version of the resource | "abc123" |
| Expires | Cache | Date/time after which the response is stale | Sun, 01 Dec 2024 16:00:00 GMT |
| Last-Modified | Cache | Date the resource was last modified | Sat, 21 Oct 2023 07:28:00 GMT |
| Location | Routing | URL to redirect to | https://example.com/new-page |
| Set-Cookie | Auth | Sends cookies from the server to the client | session=abc; HttpOnly; Secure |
| X-RateLimit-Limit | Rate Limit | Maximum number of requests allowed | 1000 |
| X-RateLimit-Remaining | Rate Limit | Number of requests remaining | 999 |
| X-RateLimit-Reset | Rate Limit | Time when the rate limit resets | 1640995200 |

Security Headers
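
| Header | Category | Description | Example |
|---|---|---|---|
| Content-Security-Policy | Security | Controls which resources the browser may load | default-src 'self' |
| Strict-Transport-Security | Security | Tells browsers to connect to the site over HTTPS only | max-age=31536000; includeSubDomains |
| X-Content-Type-Options | Security | Prevents MIME type sniffing | nosniff |
| X-Frame-Options | Security | Controls whether the page may be embedded in a frame | DENY |
| X-XSS-Protection | Security | Controls the legacy browser XSS filter (deprecated in current browsers) | 1; mode=block |
| Referrer-Policy | Security | Controls how much referrer information is sent with requests | strict-origin-when-cross-origin |
| Permissions-Policy | Security | Controls which browser features the page may use | geolocation=(), microphone=() |
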
Caching Headers

| Header | Category | Description | Example |
|---|---|---|---|
| Age | Cache | Time in seconds the object has been in a proxy cache | 3600 |
| Cache-Control | Cache | Directives for caching mechanisms | public, max-age=31536000 |
| Clear-Site-Data | Cache | Clears browsing data | "cache", "cookies" |
| ETag | Cache | Identifier for resource version | W/"abc123" |
| If-Match | Cache | Conditional request based on ETag | "abc123" |
| If-None-Match | Cache | Conditional request if ETag differs | "abc123" |
| If-Modified-Since | Cache | Conditional request based on date | Sat, 21 Oct 2023 07:28:00 GMT |
| Vary | Cache | Headers that affect cache matching | Accept-Encoding, Origin |