Response Headers
Introduction
HTTP response headers are key-value pairs sent by a server to a client (such as a web browser or API client) as part of an HTTP response. These headers provide additional information about the response, such as the server's identity, the content type, caching directives, and more.
Response headers are essential for controlling how clients handle the received content, manage caching, and ensure proper communication. Below is a comprehensive list of commonly used HTTP response headers along with a brief description of their purpose.
Common response headers
The table below lists common HTTP response headers and what each one is used for:
Header Name | Description |
---|---|
Accept-Ranges | Indicates the server's support for range requests. |
Access-Control-Allow-Origin | Specifies the origin(s) allowed to access the resource (CORS). |
Age | Indicates the time the resource has been cached on the server. |
Allow | Lists the HTTP methods supported by the server. |
Cache-Control | Specifies caching directives for the response. |
Connection | Specifies options for the network connection. |
Content-Encoding | Specifies the encoding used for the response body. |
Content-Language | Specifies the language(s) of the response content. |
Content-Length | Indicates the size of the response body in bytes. |
Content-Location | Specifies an alternate URL for the returned content. |
Content-Disposition | Indicates how the content should be handled (e.g., as an attachment). |
Content-Range | Indicates the range of data included in the response. |
Content-Type | Specifies the media type of the response body. |
Date | Indicates the date and time the response was generated. |
ETag | Provides an identifier for a specific version of a resource. |
Expires | Specifies the date and time after which the response is considered stale. |
Last-Modified | Indicates the date and time the resource was last modified. |
Location | Specifies a URL to redirect the client to. |
Pragma | Provides backward compatibility with HTTP/1.0 caches. |
Proxy-Authenticate | Requests authentication from the client for a proxy. |
Refresh | Specifies a delay after which the browser should refresh the page. |
Retry-After | Indicates how long the client should wait before retrying a request. |
Server | Identifies the server software used to handle the request. |
Set-Cookie | Sets an HTTP cookie in the client's browser. |
Strict-Transport-Security | Enforces secure (HTTPS) connections to the server. |
Transfer-Encoding | Specifies the encoding used to transfer the response body. |
Vary | Specifies the request headers used to determine which response is returned. |
Via | Indicates intermediate proxies the request passed through. |
WWW-Authenticate | Requests authentication from the client. |
X-Content-Type-Options | Controls how the browser should interpret the Content-Type. |
X-Frame-Options | Controls whether the response can be framed. |
X-XSS-Protection | Enables cross-site scripting (XSS) filtering. |