HTTP Header Reference
A searchable reference of the HTTP headers you actually meet. For each header see whether it is a request, response or both, its category, a plain-English description and a real example value.
How to use the HTTP header reference
- Type a header name or keyword in the search box.
- Check the direction column for request, response or both.
- Copy the example value to use as a starting point.
Examples
Caching headers
cache
Cache-Control, Expires, Age, Vary and more
Security headers
security
Strict-Transport-Security, Content-Security-Policy, X-Frame-Options
Frequently asked questions
What is the difference between request and response headers?
Request headers are sent by the client to describe the request or the client. Response headers are sent by the server about the response. Some, like Content-Type and Cache-Control, are used in both directions.
Which HTTP headers improve security?
Common security headers include Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy.
What does the Authorization header do?
Authorization carries credentials, such as a Bearer token or Basic auth, so the server can authenticate the request. It is a request header.
Why is Referer spelled wrong?
The Referer header keeps a historical misspelling from the original HTTP specification. It still works, while the modern Referrer-Policy header uses the correct spelling.
Are these all the HTTP headers?
No. This is a curated list of the most common standard headers. Custom and experimental headers exist too, often prefixed with X-.
Related tools
HTTP Header Builder
Build CORS, cache and security response headers, then copy them as raw HTTP, Nginx add_header or Apache Header set lines. Runs in your browser.
HTTP Methods Reference
Reference for the nine HTTP methods. See which are safe, idempotent and cacheable, whether they carry a body, and what each method is for.
HTTP Status Codes
Searchable list of HTTP status codes from 1xx to 5xx. Look up any code by number or name and see what 200, 301, 404 and 500 mean.
.env to JSON
Convert a .env file to JSON, or JSON back to .env. Parses KEY=value lines, comments, quotes and export. Runs entirely in your browser.
ASCII Table
Full ASCII table for all 128 codes with decimal, hex, octal and binary values, character names and descriptions. Search by code, hex or character.
Aspect Ratio Box Generator
Generate CSS for a responsive aspect-ratio container. Use the modern aspect-ratio property or the padding-top fallback, then copy the ready code.