HTTP Headers Guide

Request Headers

| Header | Purpose | Example |
|---|---|---|
| Accept | Content types client accepts | text/html, application/json |
| Authorization | Auth credentials | Bearer {token} |
| Content-Type | Body format | application/json; charset=utf-8 |
| User-Agent | Client software info | Mozilla/5.0 ... |
| Cookie | Session cookies | session=abc123 |
| Referer | URL of the referring page | https://example.com/page |
| Cache-Control | Caching directives | no-cache, max-age=3600 |
| Accept-Language | Preferred language | en-US,en;q=0.9 |

Response Headers

| Header | Purpose | Example |
|---|---|---|
| Content-Type | Response body format | application/json |
| Set-Cookie | Sets browser cookie | id=a3; HttpOnly; Secure |
| Location | Redirect URL (3xx) | https://example.com/new |
| Cache-Control | Caching policy | public, max-age=86400 |
| ETag | Resource version tag | "33a64df5" |
| X-Frame-Options | Clickjacking protection | DENY or SAMEORIGIN |
| Access-Control-Allow-Origin (CORS) | Cross-origin access | * or https://allowed.com |
| Strict-Transport-Security | Force HTTPS (HSTS) | max-age=31536000; includeSubDomains |
| Content-Security-Policy | Allowed resource sources | default-src 'self' |