Every HTTP response can have a set of headers.
Let’s list the most important/useful response headers.
The age the object has been in a proxy cache in seconds
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
no-cache is used, the
Cache-Control header can tell the browser to never use a cached version of a resource without first checking the ETag value.
max-age is measured in seconds
The more restrictive
no-store option tells the browser (and all the intermediary network devices) the not even store the resource in its cache:
Content-Disposition: attachment; filename="file.txt"
An opportunity to raise a “File Download” dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters
The type of encoding used on the data. See HTTP compression
The natural language or languages of the intended audience for the enclosed content
The length of the response body expressed in 8-bit bytes
Content-Type: text/html; charset=utf-8
The MIME type of this content
Date: Tue, 15 Nov 1994 08:12:31 GMT
The date and time that the message was sent (in “HTTP-date” format as defined by RFC 7231)
An identifier for a specific version of a resource, often a message digest
Expires: Sat, 01 Dec 2018 16:00:00 GMT
Gives the date/time after which the response is considered stale (in “HTTP-date” format as defined by RFC 7231)
Last-Modified: Mon, 15 Nov 2017 12:00:00 GMT
The last modified date for the requested object (in “HTTP-date” format as defined by RFC 7231)
Used in redirection, or when a new resource has been created
Server: Apache/2.4.1 (Unix)
A name for the server
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
Sets an HTTP cookie
Some headers are non-standard.
Helps to protect against XSS attacks. See MDN for more details
Lessons this unit:
|1:||An HTTP request|
|3:||HTTP Status Codes|
|4:||HTTP Client/Server communication|
|5:||HTTP Request Headers|
|6:||▶︎ HTTP Response Headers|