HTTP Header Fields
HTTP response headers are a series of header fields sent by the server in response to an HTTP request from the client, providing additional information about the response and instructions from the server.
Here are some common HTTP response headers:
| Response Header (English) | Response Header (Chinese) | Description |
| --- | --- | --- |
| Date | Date | The date and time when the response was generated. Example: Wed, 18 Apr 2024 12:00:00 GMT |
| Server | Server | The name and version of the server software. Example: Apache/2.4.1 (Unix) |
| Content-Type | Content Type | The media type (MIME type) of the response body, such as `text/html; charset=UTF-8`, `application/json`, etc. |
| Content-Length | Content Length | The size of the response body in bytes. Example: 3145 |
| Content-Encoding | Content Encoding | The compression encoding of the response body, such as `gzip`, `deflate`, etc. |
| Content-Language | Content Language | The language of the response body. Example: zh-CN |
| Content-Location | Content Location | The URI of the response body. Example: /index.html |
| Content-Range | Content Range | The byte range of the response body, used when a resource is transferred in partial ranges. Example: bytes 0-999/8000 |
| Cache-Control | Cache Control | Controls caching behavior of the response, e.g., `no-cache` means the cached response must be revalidated with the server before it is reused. |
| Connection | Connection | Options for managing the connection, such as `keep-alive` or `close`. `keep-alive` indicates the connection will not be closed after transmission. |
| Set-Cookie | Set-Cookie | Sets a cookie on the client. Example: sessionId=abc123; Path=/; Secure |
| Expires | Expires | The expiration date and time of the response body. Example: Thu, 18 Apr 2024 12:00:00 GMT |
| Last-Modified | Last-Modified | The date and time when the resource was last modified. Example: Wed, 18 Apr 2024 11:00:00 GMT |
| ETag | ETag | An identifier for a specific version of the resource. Example: "33a64df551425fcc55e6" |
| Location | Location | The URI used for redirection. Example: /newresource |
| Pragma | Implementation-Specific Directives | Contains implementation-specific directives, such as `no-cache`. |
| WWW-Authenticate | Authentication Information | Authentication information, typically used for HTTP authentication. Example: Basic realm="Access to the site" |
| Accept-Ranges | Accept-Ranges | Specifies the acceptable range types for requests. Example: bytes |
| Age | Age | The number of seconds that have passed since the origin server generated the response, as reported by the proxy server. Example: 24 |
| Allow | Allow | Lists the HTTP methods allowed for the resource. Example: GET, POST, HEAD, etc. |
| Vary | Vary | Tells downstream proxies how to use response headers to determine whether the response can be served from cache. Example: Accept |
| Strict-Transport-Security | Strict-Transport-Security | Instructs the browser to only communicate with the server over HTTPS. Example: max-age=31536000; includeSubDomains |
| X-Frame-Options | X-Frame-Options | Controls whether the page can be displayed in a frame, to prevent clickjacking attacks. Example: SAMEORIGIN |
| X-Content-Type-Options | X-Content-Type-Options | Instructs the browser not to try to guess the MIME type of the resource. Example: nosniff |
| X-XSS-Protection | X-XSS-Protection | Controls the browser's XSS filtering and blocking. Example: 1; mode=block |
| Public-Key-Pins | Public-Key-Pins | An HTTP header for HTTP Public Key Pinning (HPKP), a security mechanism used to prevent man-in-the-middle attacks. Example: pin-sha256="base64+primarykey"; pin-sha256="base64+backupkey"; max-age=expireTime |
These response headers may vary in actual HTTP responses, with specific values depending on the server's configuration and processing logic.
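
The security-related rows of the table (Server, Set-Cookie, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Public-Key-Pins) can be checked mechanically. The following Python check is an added example, not part of the original page; it runs over a constructed response built from the table's example values. The name `audit_headers`, the finding texts and the `HttpOnly` check are assumptions of this example.

```python
import io
import re
from http.client import parse_headers

# Constructed sample built from the example values in the table above.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.1 (Unix)\r\n"
    b"Set-Cookie: sessionId=abc123; Path=/; Secure\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"X-Frame-Options: SAMEORIGIN\r\n"
    b"X-XSS-Protection: 1; mode=block\r\n"
    b"\r\n"
)

def audit_headers(raw):
    """Return {header: finding} for security-relevant headers in a raw response."""
    stream = io.BytesIO(raw)
    stream.readline()                # skip the status line
    headers = parse_headers(stream)  # case-insensitive lookup, keeps repeated fields
    findings = {}
    # HSTS only takes effect with a positive max-age.
    hsts = headers.get("Strict-Transport-Security", "")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    if not age or int(age.group(1)) == 0:
        findings["Strict-Transport-Security"] = "missing or max-age is 0"
    # Framing policy: accept the two standard values.
    if headers.get("X-Frame-Options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings["X-Frame-Options"] = "missing or unrecognised value"
    if headers.get("X-Content-Type-Options", "").strip().lower() != "nosniff":
        findings["X-Content-Type-Options"] = "missing, MIME sniffing not disabled"
    # Cookies should carry Secure and HttpOnly (HttpOnly is this example's assumption).
    for cookie in headers.get_all("Set-Cookie") or []:
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        missing = sorted({"secure", "httponly"} - attrs)
        if missing:
            name = cookie.split("=", 1)[0].strip()
            findings["Set-Cookie:" + name] = "missing " + ", ".join(missing)
    # A product/version token reveals which release is running.
    if re.search(r"/\d", headers.get("Server", "")):
        findings["Server"] = "discloses software version"
    # Deprecated headers that should not be relied on for protection.
    for legacy in ("X-XSS-Protection", "Public-Key-Pins"):
        if legacy in headers:
            findings[legacy] = "deprecated, do not rely on it"
    return findings

if __name__ == "__main__":
    print(audit_headers(SAMPLE))
```

On the sample, the check reports the missing `X-Content-Type-Options`, the cookie without `HttpOnly`, the versioned `Server` banner and the deprecated `X-XSS-Protection` header.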