HTTP Headers Reference
// Searchable reference of HTTP headers
Cache-Controlboth
Directives for caching mechanisms in both requests and responses.
Cache-Control: no-cache
Connectionboth
Controls whether the network connection stays open after the current transaction.
Connection: keep-alive
Dateboth
The date and time at which the message was originated.
Date: Wed, 21 Oct 2023 07:28:00 GMT
Transfer-Encodingboth
Specifies the form of encoding used to safely transfer the payload body.
Transfer-Encoding: chunked
Upgradeboth
Asks the server to upgrade to another protocol.
Upgrade: websocket
Viaboth
Informs the server of proxies through which the request was sent.
Via: 1.1 proxy.example.com
Acceptrequest
Media types the client can process.
Accept: application/json
Accept-Encodingrequest
Encoding algorithms the client can understand.
Accept-Encoding: gzip, deflate, br
Accept-Languagerequest
Natural languages the client prefers.
Accept-Language: en-US,en;q=0.9
Authorizationrequest
Credentials for authenticating the client with the server.
Authorization: Bearer eyJhbGci...
Cookierequest
Contains stored HTTP cookies previously sent by the server.
Cookie: session=abc123; theme=dark
Hostrequest
Specifies the domain name of the server and optionally the port.
Host: www.example.com
If-Modified-Sincerequest
Makes the request conditional: the server returns the resource only if modified after the given date.
If-Modified-Since: Sat, 29 Oct 2023 19:43:31 GMT
If-None-Matchrequest
Makes the request conditional: the server returns the resource only if the ETag does not match.
If-None-Match: "686897696a7c876b7e"
Originrequest
Indicates the origin of the request, used for CORS.
Origin: https://example.com
Refererrequest
The address of the previous page that linked to the current request.
Referer: https://example.com/page
User-Agentrequest
Identifies the client software making the request.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Access-Control-Allow-Originresponse
Specifies which origins can access the resource (CORS).
Access-Control-Allow-Origin: *
Content-Dispositionresponse
Indicates if the content should be displayed inline or as a download.
Content-Disposition: attachment; filename="file.pdf"
Content-Typeresponse
Indicates the media type of the resource.
Content-Type: application/json; charset=utf-8
Content-Lengthresponse
The size of the response body in bytes.
Content-Length: 348
ETagresponse
An identifier for a specific version of a resource for caching.
ETag: "686897696a7c876b7e"
Locationresponse
Used in redirections to indicate the URL to redirect to.
Location: https://example.com/new-page
Set-Cookieresponse
Sends a cookie from the server to the client.
Set-Cookie: id=a3fWa; Expires=Thu, 21 Oct 2025 07:28:00 GMT; Secure; HttpOnly
WWW-Authenticateresponse
Defines the authentication method to access a resource.
WWW-Authenticate: Bearer realm="example"
X-Content-Type-Optionsresponse
Prevents MIME type sniffing.
X-Content-Type-Options: nosniff
X-Frame-Optionsresponse
Indicates whether the page can be rendered in a frame.
X-Frame-Options: DENY
Content-Security-Policyresponse
Controls which resources the browser is allowed to load for a page.
Content-Security-Policy: default-src 'self'
Strict-Transport-Securityresponse
Forces HTTPS connections to the server.
Strict-Transport-Security: max-age=31536000; includeSubDomains
Permissions-Policyresponse
Controls which browser features can be used (replaces Feature-Policy).
Permissions-Policy: geolocation=(), camera=()
Referrer-Policyresponse
Controls how much referrer information is sent with requests.
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policyresponse
Prevents other domains from opening/controlling a window.
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policyresponse
Prevents other origins from reading the response.
Cross-Origin-Resource-Policy: same-origin
#About HTTP Headers Reference
Free online HTTP headers reference. Browse and search all standard HTTP request and response headers with descriptions and examples. This tool runs entirely in your browser — your data is never sent to a server. Just paste your input, get instant results, and copy with one click. No sign-up or installation required.
#FAQ
What are HTTP headers? ▾
HTTP headers are key-value pairs sent between client and server in HTTP requests and responses. They carry metadata such as content type, authentication credentials, caching directives, and more.
What is the difference between request and response headers? ▾
Request headers are sent by the client to the server (e.g., Accept, Authorization), while response headers are sent by the server back to the client (e.g., Content-Type, Set-Cookie).
</> Embed this tool ▾
Copy this code to embed the tool on your website. Adjust the height to fit your layout.
<iframe src="https://www.browserutils.dev/embed/http-headers-reference" width="100%" height="500" frameborder="0" title="HTTP Headers Reference"></iframe>