New

HTTP Headers Reference

Runs in browser

Browse all standard HTTP request and response headers with examples and descriptions. Filter by name or category to find the header you need fast.

HTTP Headers Reference tool

Check live headers

Enter a URL to see its actual response headers

Hover a row to reveal the copy button Β· Click β–Ό to expand description

Authentication3
Authorization
Bearer eyJhbGciOiJIUzI1NiJ9...

Credentials to authenticate with the server. β€” Common schemes: Basic, Bearer (JWT), Digest.

MDN docs β†’
Proxy-Authorization
Basic dXNlcjpwYXNz

Credentials to authenticate with an intermediary proxy.

MDN docs β†’
Content5
Accept
application/json, text/html;q=0.9

Media types the client can handle. β€” Use q-factors (0–1) to express preference; */* matches anything.

MDN docs β†’
Accept-Encoding
gzip, deflate, br

Compression algorithms the client supports. β€” br (Brotli) gives best ratios for text.

MDN docs β†’
Accept-Language
en-US,en;q=0.9,fr;q=0.8

Natural languages preferred by the client.

MDN docs β†’
Content-Length
348

Size of the request body in bytes.

MDN docs β†’
Content-Type
application/json; charset=utf-8

Media type and encoding of the request body.

MDN docs β†’
Caching3
Cache-Control
no-cache

Directives controlling request caching. β€” no-cache revalidates; no-store disables caching entirely.

MDN docs β†’
If-Modified-Since
Wed, 21 Oct 2025 07:28:00 GMT

Return 304 if resource has not changed since this date.

MDN docs β†’
If-None-Match
"abc123"

Return 304 if ETag matches the current resource version. β€” Server returns 304 Not Modified when ETag matches.

MDN docs β†’
Connection4
Connection
keep-alive

Control options for the current connection. β€” HTTP/2 ignores this header; only meaningful in HTTP/1.x.

MDN docs β†’
Host
api.example.com:8080

Domain and optional port of the target server. Required in HTTP/1.1.

MDN docs β†’
Keep-Alive
timeout=5, max=1000

Parameters for a persistent connection.

MDN docs β†’
Upgrade
websocket

Ask the server to switch to a different protocol (e.g. WebSocket).

MDN docs β†’
Context3
Origin
https://example.com

Origin of a cross-site access request (CORS).

MDN docs β†’
Referer
https://example.com/page

URL of the page making the request. β€” Historical misspelling β€” missing one 'r'.

MDN docs β†’
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)

Software identifier of the client (browser, bot, library).

MDN docs β†’
Custom2
X-Forwarded-For
203.0.113.195, 70.41.3.18

Original client IP when passing through a proxy. β€” Can be spoofed; only trust if set by your own trusted proxy.

MDN docs β†’
X-Requested-With
XMLHttpRequest

Identifies AJAX requests; added by many JS frameworks.

MDN docs β†’

How to use

  1. Browse categories

    Headers are grouped by category (Authentication, Caching, CORS, etc.) for easy navigation.

  2. Search

    Type in the search box to filter headers by name or description.

  3. Copy a header name

    Click any header name to copy it to your clipboard.

Examples

  • Find CORS headers

    Search for 'cors' to see Access-Control headers and their usage.

    Output
    Access-Control-Allow-Origin, Access-Control-Allow-Methods, ...

Frequently asked questions

Are custom headers included?
This reference covers standard IANA-registered headers. Custom X- headers are not listed.

Related tools

You might find these useful too.