HTTP - Header (Fields)


Headers are :

The HTTP headers are equivalent to fields in other protocols that have the same basic meaning. For example, the HTTP authentication headers are equivalent to the authentication aspects of the FTP protocol.

The name of a header field is not case-sensitive. Multiple values can be assigned to the same name.

RFC 2616 defines a wide range of header fields for handling various aspects of the HTTP protocol.

Other specifications, like RFC 2617 and RFC 2965, define additional headers. Some of the defined headers are for general use, others are meant for exclusive use with either requests or responses, still others are meant for use only with an entity.


X header

Any headers beginning with X- are custom headers, and are not included in the HTTP spec.



Http Headers Firefox




Setting an header is heavily dependent of the technology used. You can set it:

Web Server

You can set header of request via the web server (http server).

Example with apache: Apache - HTTP Header (mod_header module)


The html meta http-equiv can be used to set the header of HTML document retrieved with HTTP.


<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
<META http-equiv="Expires" content="Tue, 20 Aug 1996 14:25:27 GMT">

See Reference

Discover More
(HTTP|HTTPS) - Hypertext Transfer Protocol

Hypertext Transfer Protocol (HTTP) is the transfer protocol to exchange or transfer web resource between nodes (host). The H in HTTP means an hypertext (ie HTML). The protocol was first designed...
Card Puncher Data Processing
Apache - HTTP Header (mod_header module)

mod_header is a apache module that permits to set HTTP header. If you add the below code snippet in your htaccess file, you will set the following response header the cache-control header and...
Cors Flowchart
Browser - Cross Origin Resource Sharing (CORS)

Cross-origin resource sharing (CORS) is a mechanism that: * allows a HTTP server * to control the cross-origin requests executed by a browser. In short, a HTTP server may allow or not to receive...
Browser - Cross-Origin Read Blocking (CORB)

Cross-Origin Read Blocking (CORB) is a security feature that prevents the contents of a resource from ever entering the memory of the renderer process memory based on its MIME type. The main motivation...
Cookie Scope Name
Cookie - Scope

The scope of a cookie name is a calculated property defined by the concatenation of the and attributes. If the request URL matches the scope (ie domain and path expression), the user agent (browser)...
Expires HTTP header to control the response cache

Expires defines a date time that indicates when a response is stale for the response cache
HTML - (Client-side) Script (Element)

A client-side script is a program that is: linked (server-side script) or directly embedded in an HTML document (in-line script) Scripts in HTML have “run-to-completion” semantics, meaning that...
HTML - Image (Img tag)

HTML img is an fetch element that represents an image. An image in HTML can also be represented with a picture element that defines logically the same image but may have different physical image...
HTTP - Message (Syntax)

An http message is a text document that consists of: a header section and an optional entity (ie body). There are two kinds of messages: requests from client to server and responses from server...
Hsts Chrome Message
HTTP - Strict Transport Security (HSTS) - mandatory HTTPS

Strict Transport Security (HSTS) is a header that tells the client that the website should always be contacted with HTTPS When HSTS is on, if it's not possible to make a https connection (for instance...

Share this page:
Follow us:
Task Runner