Riferimento Header HTTP
Riferimento header HTTP.
AcceptrequestcontentMedia types the client can handle
Accept: application/jsonAccept-EncodingrequestcontentCompression algorithms the client supports
Accept-Encoding: gzip, deflate, brAccept-LanguagerequestcontentPreferred languages for the response
Accept-Language: en-US,en;q=0.9AuthorizationrequestauthCredentials for authentication
Authorization: Bearer <token>CookierequestauthCookies previously sent by server
Cookie: session=abc123; user=johnHostrequestroutingDomain name of the server
Host: www.example.comOriginrequestcorsOrigin of the request (for CORS)
Origin: https://example.comRefererrequestroutingURL of the previous page
Referer: https://example.com/pageUser-AgentrequestinfoBrowser/client identification string
User-Agent: Mozilla/5.0...X-Requested-WithrequestinfoIndicates AJAX request
X-Requested-With: XMLHttpRequestIf-Modified-SincerequestcacheConditional request based on date
If-Modified-Since: Wed, 21 Oct 2023 07:28:00 GMTIf-None-MatchrequestcacheConditional request based on ETag
If-None-Match: "abc123"Access-Control-Allow-OriginresponsecorsOrigins allowed to access resource
Access-Control-Allow-Origin: *Access-Control-Allow-MethodsresponsecorsHTTP methods allowed for CORS
Access-Control-Allow-Methods: GET, POST, PUTAccess-Control-Allow-HeadersresponsecorsHeaders allowed in CORS requests
Access-Control-Allow-Headers: Content-Type, AuthorizationAccess-Control-Max-AgeresponsecorsHow long CORS preflight is cached
Access-Control-Max-Age: 86400Cache-Controlreq/rescacheCaching directives
Cache-Control: max-age=3600, publicContent-DispositionresponsecontentHow content should be displayed
Content-Disposition: attachment; filename="file.pdf"Content-EncodingresponsecontentCompression used on the body
Content-Encoding: gzipContent-Typereq/rescontentMedia type of the body
Content-Type: application/json; charset=utf-8Content-Lengthreq/rescontentSize of the body in bytes
Content-Length: 1234ETagresponsecacheIdentifier for a specific version
ETag: "abc123"ExpiresresponsecacheDate after which response is stale
Expires: Thu, 01 Dec 2023 16:00:00 GMTLast-ModifiedresponsecacheDate of last modification
Last-Modified: Wed, 21 Oct 2023 07:28:00 GMTLocationresponseroutingRedirect URL
Location: https://example.com/new-pageSet-CookieresponseauthSend cookies to the client
Set-Cookie: session=abc123; Path=/; HttpOnlyStrict-Transport-SecurityresponsesecurityForce HTTPS connections
Strict-Transport-Security: max-age=31536000; includeSubDomainsContent-Security-PolicyresponsesecurityControl resources the client can load
Content-Security-Policy: default-src 'self'X-Content-Type-OptionsresponsesecurityPrevent MIME type sniffing
X-Content-Type-Options: nosniffX-Frame-OptionsresponsesecurityControl iframe embedding
X-Frame-Options: DENYX-XSS-ProtectionresponsesecurityEnable XSS filter (legacy)
X-XSS-Protection: 1; mode=blockReferrer-PolicyresponsesecurityControl referrer information
Referrer-Policy: strict-origin-when-cross-originPermissions-PolicyresponsesecurityControl browser features
Permissions-Policy: camera=(), microphone=()WWW-AuthenticateresponseauthAuthentication method required
WWW-Authenticate: Bearer realm="api"Retry-AfterresponseinfoWhen to retry after rate limiting
Retry-After: 120X-RateLimit-LimitresponseinfoRate limit ceiling
X-RateLimit-Limit: 1000X-RateLimit-RemainingresponseinfoRemaining requests in window
X-RateLimit-Remaining: 999X-Request-IdresponseinfoUnique request identifier
X-Request-Id: abc123-def456HTTP Headers - Dettagli tecnici
HTTP headers let clients and servers pass additional information with requests and responses. They're essential for authentication, caching, content negotiation, and security. Understanding headers is crucial for API development.
Alternativa da riga di comando
# Common security headers\nContent-Security-Policy: default-src 'self'\nStrict-Transport-Security: max-age=31536000\nX-Content-Type-Options: nosniff