Directives for caching mechanisms in both requests and responses.

Controls whether the network connection stays open after the current transaction.

The date and time at which the message was originated.

Specifies the form of encoding used to safely transfer the payload body.

Asks the server to upgrade to another protocol.

Informs the server of proxies through which the request was sent.

Media types the client can process.

Encoding algorithms the client can understand.

Natural languages the client prefers.

Credentials for authenticating the client with the server.

Contains stored HTTP cookies previously sent by the server.

Specifies the domain name of the server and optionally the port.

Makes the request conditional: the server returns the resource only if modified after the given date.

Makes the request conditional: the server returns the resource only if the ETag does not match.

Indicates the origin of the request, used for CORS.

The address of the previous page that linked to the current request.

Identifies the client software making the request.

Specifies which origins can access the resource (CORS).

Indicates if the content should be displayed inline or as a download.

Indicates the media type of the resource.

The size of the response body in bytes.

An identifier for a specific version of a resource for caching.

Used in redirections to indicate the URL to redirect to.

Sends a cookie from the server to the client.

Defines the authentication method to access a resource.

Prevents MIME type sniffing.

Indicates whether the page can be rendered in a frame.

Controls which resources the browser is allowed to load for a page.

Forces HTTPS connections to the server.

Controls which browser features can be used (replaces Feature-Policy).

Controls how much referrer information is sent with requests.

Prevents other domains from opening/controlling a window.

Prevents other origins from reading the response.