HTTP: HTTP Response Headers

Every HTTP response can have a set of headers.

Let’s list the most important/useful response headers.

Age

Age: 12

The time, in seconds, that the object has been in a proxy cache

Cache-Control

Cache-Control: max-age=3600

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

If no-cache is used, the Cache-Control header can tell the browser to never use a cached version of a resource without first checking the ETag value.

max-age is measured in seconds

The more restrictive no-store option tells the browser (and all the intermediary network devices) to not even store the resource in its cache:

Cache-Control: no-store

Content-Disposition

Content-Disposition: attachment; filename="file.txt"

Prompts the browser to raise a “File Download” dialogue box for a known MIME type with binary format, or suggests a filename for dynamic content. Quotes are necessary when the filename contains special characters.

Content-Encoding

Content-Encoding: gzip

The type of encoding used on the data. See HTTP compression

Content-Language

Content-Language: en

The natural language or languages of the intended audience for the enclosed content

Content-Length

Content-Length: 348

The length of the response body expressed in 8-bit bytes

Content-Type

Content-Type: text/html; charset=utf-8

The MIME type of this content

Date

Date: Tue, 15 Nov 1994 08:12:31 GMT

The date and time that the message was sent (in “HTTP-date” format as defined by RFC 7231)

ETag

ETag: "737060cd8c284d8a[...]"

An identifier for a specific version of a resource, often a message digest

Expires

Expires: Sat, 01 Dec 2018 16:00:00 GMT

Gives the date/time after which the response is considered stale (in “HTTP-date” format as defined by RFC 7231)
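How a cache can combine the Age, Cache-Control, Date, ETag and Expires headers described above into one decision. This is an added example, not code from the original lesson; the function names, the decision labels and the sample responses are assumptions constructed for illustration.

```python
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def cache_decision(headers):
    """Return (decision, seconds_left, etag) for a stored response.

    decision: 'do-not-store', 'revalidate' (ask the origin again, sending
    the ETag in If-None-Match when there is one) or 'fresh'.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:  # most restrictive: nothing may be kept
        return ("do-not-store", 0, None)
    lifetime = 0
    if "max-age" in cc:  # max-age takes precedence over Expires
        arg = cc["max-age"] or ""
        lifetime = int(arg) if arg.isdecimal() else 0
    elif "expires" in h and "date" in h:
        try:
            delta = parsedate_to_datetime(h["expires"]) - parsedate_to_datetime(h["date"])
            lifetime = max(0, int(delta.total_seconds()))
        except (TypeError, ValueError):
            lifetime = 0  # an unparseable date is treated as already stale
    age = h.get("age", "").strip()
    left = lifetime - (int(age) if age.isdecimal() else 0)
    if "no-cache" in cc or left <= 0:
        return ("revalidate", 0, h.get("etag"))
    return ("fresh", left, None)

# Constructed sample responses built from the header values shown on this page.
SAMPLES = [
    {"Cache-Control": "max-age=3600", "Age": "12"},
    {"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate"},
    {"Cache-Control": "no-cache", "ETag": '"v1-constructed"'},
    {"Date": "Sat, 01 Dec 2018 15:00:00 GMT", "Expires": "Sat, 01 Dec 2018 16:00:00 GMT"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(cache_decision(sample), sample)
```

Responses that carry session data or personal information should land in the 'do-not-store' branch; if they come back 'fresh', a shared proxy cache may serve them to another user.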

Last-Modified

Last-Modified: Mon, 15 Nov 2017 12:00:00 GMT

The last modified date for the requested object (in “HTTP-date” format as defined by RFC 7231)

Location

Location: /pub/WWW/People.html

Used in redirection, or when a new resource has been created

Server

Server: Apache/2.4.1 (Unix)

A name for the server

Set-Cookie

Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1

Sets an HTTP cookie

Non-standard headers

Some headers are non-standard.

Content-Security-Policy

Helps to protect against XSS attacks. See MDN for more details
