HTTP Headers Explained in Detail:
Here's a list of common HTTP headers you might see. We have tried to keep it simple so that you can understand them in detail.
The following are the common HTTP headers that a server returns upon request, with an explanation of each:
Status: Example: HTTP/1.0 200 OK
The following are the returned status codes and their meanings:
- Success Responses (2XX)
  - 200: Valid URL (OK)
  - 201 Created: Creation of a new resource
  - 202 Accepted: Processing has not been completed
  - 203 Non-Authoritative Information: The request succeeded, but the enclosed payload has been modified from that of the origin server's 200 OK response
  - 204 No Content: No content is returned
  - 205 Reset Content: The server successfully processed the request and asks that the requester reset its document view.
  - 206 Partial Content: The server is delivering only part of the resource due to a Range header sent by the client.
- Redirection Messages (3XX)
  - 301: Page moved permanently
  - 302: Page moved temporarily
  - 303 See Other: Get the requested resource at another URI with a GET request
  - 304 Not Modified: The resource has not been modified
  - 307 Temporary Redirect: Get the requested resource at another URI with the same method
  - 308 Permanent Redirect: Get the requested resource at another URI with the same method, and the location is permanent.
- Client Error Responses (4XX)
  - 400 Bad Request: The server could not understand the request
  - 401 Unauthorized: The client must authenticate itself to get the requested response.
  - 403 Forbidden: The client does not have access rights to the content
  - 404 Not Found: The server cannot find the requested URL
  - 410 Gone: Page / URL has been permanently deleted from the server
  - 414 URI Too Long: The URI requested by the client is longer than the server is willing to interpret
  - 415 Unsupported Media Type: The media format of the requested data is not supported by the server
  - 423 Locked: The resource that is being accessed is locked
  - 429 Too Many Requests: The user has sent too many requests in a given amount of time
  - 451 Unavailable For Legal Reasons: The user requests an illegal resource, such as a web page censored by a government.
- Server Error Responses (5XX)
  - 500 Internal Server Error
  - 501 Not Implemented
  - 502 Bad Gateway
  - 503 Service Unavailable
  - 504 Gateway Timeout
  - 505 HTTP Version Not Supported
  - 506 Variant Also Negotiates
  - 507 Insufficient Storage
  - 508 Loop Detected: The server detected an infinite loop while processing a request
  - 510 Not Extended
  - 511 Network Authentication Required
Date: The date and time at which the server generated the response.
Connection: Common values are keep-alive or close. Example: Connection: keep-alive.
Server: Identifies the software used by the server. Example: Server: Apache/2.4.41 (Ubuntu).
Content-Type: Media type of the resource. Example: Content-Type: text/html; charset=UTF-8.
Content-Length: Size of the response body in bytes. Example: Content-Length: 4779.
Content-Encoding: Encoding or compression applied to the data. Example: Content-Encoding: gzip.
Last-Modified: When the resource was last modified. Example: Last-Modified: Tue, 20 Jun 2024 19:15:00 GMT.
ETag: A unique identifier for a specific version of the resource. Example: ETag: "34f7-5d7a7d8a34400".
Cache-Control: Directives for caching mechanisms in both requests and responses. Example: Cache-Control: no-cache, no-store, must-revalidate.
Expires: Shows the response expiry date. Example: Expires: -1 means the response should not be cached.
Set-Cookie: Used to send cookies from the server to the user agent. Example: Set-Cookie: sessionId=abc123; Path=/; HttpOnly.
Location: Used in redirection or when a new resource has been created. Example: Location: https://example.com/new-page.
User-Agent: Contains information about the user agent originating the request. Example: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36.
Accept: The media types that are acceptable for the response. Example: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8.
Host: The domain name of the server (for virtual hosting), and the TCP port number on which the server is listening. Example: Host: example.com.
Referer: The address of the previous web page from which a link to the currently requested page was followed. Example: Referer: https://google.com.
Accept-Encoding: The encoding methods that are acceptable in the response. Example: Accept-Encoding: gzip, deflate, br.
Strict-Transport-Security: Enforces secure (HTTPS) connections to the server. Example: Strict-Transport-Security: max-age=31536000; includeSubDomains.
Content-Security-Policy: Helps to prevent XSS attacks by specifying the sources from which content is allowed to be loaded. Example: Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.cdn.com.
X-Frame-Options: Provides clickjacking protection. Example: X-Frame-Options: DENY.
X-Content-Type-Options: Prevents the browser from MIME-sniffing a response away from the declared content type. Example: X-Content-Type-Options: nosniff.
Referrer-Policy: Controls how much referrer information is included with requests. Example: Referrer-Policy: no-referrer-when-downgrade.
Permissions-Policy: Allows or denies the use of browser features such as geolocation, camera, etc. Example: Permissions-Policy: geolocation=(self).
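The security-related headers above can be checked automatically. The following is an added example, not code from the original page: it parses a raw response assembled from this page's example values (the sample response is constructed) and reports which protections are missing or weak. The function names and the 180-day HSTS threshold are assumptions made for illustration.

```python
import re

# Constructed sample response built from the example values on this page.
SAMPLE = (
    "HTTP/1.0 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: sessionId=abc123; Path=/; HttpOnly\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw response head into (status_code, {name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; Set-Cookie may repeat.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit(headers, min_hsts_age=15552000):  # assumed threshold: 180 days
    """Return a list of findings for the security headers described above."""
    findings = []
    hsts = headers.get("strict-transport-security", [""])[0]
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if not m:
        findings.append("HSTS missing or has no max-age")
    elif int(m.group(1)) < min_hsts_age:
        findings.append("HSTS max-age below threshold")
    if "content-security-policy" not in headers:
        findings.append("Content-Security-Policy missing")
    if headers.get("x-frame-options", [""])[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or invalid")
    if headers.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    for cookie in headers.get("set-cookie", []):
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cookie.split('=')[0]} lacks {flag}")
    if any(re.search(r"/\d", v) for v in headers.get("server", [])):
        findings.append("Server header discloses a version")
    return findings
```

Running audit(parse_response(SAMPLE)[1]) shows that the page's example Set-Cookie value has HttpOnly but no Secure attribute, and that the example Server value exposes a version number.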