HTTP Response Headers

A server can respond with a variety of headers in its response to your web browser. Here you can learn what each one means.

Accept-Ranges

Indicates that the server can handle partial requests and resume interrupted downloads.

Age

Number of seconds that the page has been in a proxy cache.

alt-svc

Tells the browser to load the content from another server, without doing a redirect.

Cache-Control

Used to control how the response can be cached by any mechanism along the response chain.

CF-Cache-Status

A header used by Cloudflare to indicate whether a resource was cached or not.

CF-RAY

An ID used by Cloudflare to track requests.

content-encoding

Tells the web browser how to decode the data being sent. This is usually used to compress data for more efficient transfer.

Content-Language

Specifies the language that the intended audience should be able to speak.

Content-Length

Contains the size, in bytes, of the body of the response.

Content-Security-Policy

Used to protect users from Cross Site Scripting and Data Injection attacks.

Content-Type

Indicates the media type of the response that is being sent.

Date

Indicates the date and time when the server response was generated.

ETag

A unique identifier for a resource to let web caches work more efficiently.

Expires

Contains a date and time after which the current response is stale and should be refetched.

Feature-Policy

Controls which features of the web browser are allowed to work for this website.

Last-Modified

This header includes a date which references the day and time when this resource was last updated.

NEL

The NEL header is used to configure Network Error Logging.

Permissions-Policy

Controls which features of the web browser are allowed to work for this website.

Referrer-Policy

Protects data from being leaked to 3rd party or insecure origins.

Report-To

Specifies how the web browser should report certain types of issues that it encounters.

Server

Provides information about the software used by the server.

Set-Cookie

Instructs the browser to store some information and then send it back to the server on subsequent requests.

Strict-Transport-Security

Tells web browsers that they should only use HTTPS connections to view this website.

Transfer-Encoding

Specifies the encoding used to transfer the response to the client.

Vary

Indicates to caching layers how to handle responses based on different request headers.

X-Content-Type-Options

Tells the web browser that the Content-Type headers are deliberately set and should be followed.

X-Frame-Options

Prevents sites from being displayed inside an iframe.

X-Powered-By

Provides information about the software running on your server that was used to generate the webpage.

X-XSS-Protection

Provides protection against reflected cross-site scripting attacks.