Every HTTP response can have a set of headers.
Let’s list the most important/useful response headers.
Age
Age: 12
The age the object has been in a proxy cache in seconds
Cache-Control
Cache-Control: max-age=3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
If no-cache
is used, the Cache-Control
header can tell the browser to never use a cached version of a resource without first checking the ETag value.
max-age
is measured in seconds
The more restrictive no-store
option tells the browser (and all the intermediary network devices) the not even store the resource in its cache:
Cache-Control: no-store
Content-Disposition
Content-Disposition: attachment; filename="file.txt"
An opportunity to raise a “File Download” dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters
Content-Encoding
Content-Encoding: gzip
The type of encoding used on the data. See HTTP compression
Content-Language
Content-Language: en
The natural language or languages of the intended audience for the enclosed content
Content-Length
Content-Length: 348
The length of the response body expressed in 8-bit bytes
Content-Type
Content-Type: text/html; charset=utf-8
The MIME type of this content
Date
Date: Tue, 15 Nov 1994 08:12:31 GMT
The date and time that the message was sent (in “HTTP-date” format as defined by RFC 7231)
ETag
ETag: "737060cd8c284d8a[...]"
An identifier for a specific version of a resource, often a message digest
Expires
Expires: Sat, 01 Dec 2018 16:00:00 GMT
Gives the date/time after which the response is considered stale (in “HTTP-date” format as defined by RFC 7231)
Last-Modified
Last-Modified: Mon, 15 Nov 2017 12:00:00 GMT
The last modified date for the requested object (in “HTTP-date” format as defined by RFC 7231)
Location
Location: /pub/WWW/People.html
Used in redirection, or when a new resource has been created
Server
Server: Apache/2.4.1 (Unix)
A name for the server
Set-Cookie
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
Sets an HTTP cookie
Non-standard headers
Some headers are non-standard.
Content-Security-Policy
Helps to protect against XSS attacks. See MDN for more details
Lessons in this unit:
0: | Introduction |
1: | An HTTP request |
2: | HTTP Methods |
3: | HTTP Status Codes |
4: | HTTP Client/Server communication |
5: | HTTP Request Headers |
6: | ▶︎ HTTP Response Headers |
7: | HTTPS |
8: | HTTP/2 |
9: | HTTP/3 |