HTTP Response Headers

A server can respond with a variety of headers in its response to your web browser. Here you can learn what each one means.

Accept-Ranges

Indicates that the server can handle partial requests and resume interrupted downloads.

Age

Number of seconds that the page has been in a proxy cache.

Cache-Control

Used to control how the response can be cached by any mechanism along the chain.

Content-Language

Specifies the language that the intended audience should be able to speak.

Content-Security-Policy

Used to protect users from Cross Site Scripting and Data Injection attacks.

Content-Type

Indicates the media type of the response that is being sent.

Feature-Policy

Controls which features of the web browser are allowed to work for this website.

Permissions-Policy

Controls which features of the web browser are allowed to work for this website.

Referrer-Policy

Protects data from being leaked to 3rd party or insecure origins.

Server

Provides information about the software used by the server to handle the request.

Strict-Transport-Security

Tells web browsers that they should only use HTTPS connections to view this website.

X-Content-Type-Options

Tells the web browser that the Content-Type headers are deliberately set and should be followed.

X-Frame-Options

Prevents sites from being displayed inside an iframe.

X-Powered-By

Provides information about the software running on your server that was used to generate the webpage.

X-XSS-Protection

Provides protection against reflected cross-site scripting attacks.