Tag: Response
49 resources tagged Response across methods, status codes, headers, cookies, guides, and glossary.
Accept-Ranges Header
Learn how the Accept-Ranges header tells clients whether your server supports partial content requests (byte ranges) for efficient downloads and streaming.
Access-Control-Allow-Credentials Header
Learn how Access-Control-Allow-Credentials controls whether browsers expose responses when credentials (cookies, auth headers) are included in CORS requests.
Access-Control-Allow-Headers Header
Learn how Access-Control-Allow-Headers specifies which custom HTTP headers can be used during cross-origin requests in CORS preflight responses.
Access-Control-Allow-Methods Header
Learn how Access-Control-Allow-Methods specifies which HTTP methods are permitted for cross-origin requests in CORS preflight responses.
Access-Control-Allow-Origin
Learn how Access-Control-Allow-Origin controls which origins can access resources in CORS. Covers wildcard, specific origin, and credential configurations.
Access-Control-Max-Age Header
Learn how Access-Control-Max-Age specifies how long browsers can cache CORS preflight results. Reduce preflight requests and improve cross-origin performance.
Age Header
Learn how the Age header indicates how long a response has been cached in seconds. Understand cache freshness calculations and CDN behavior.
Authentication-Info Header
Learn how Authentication-Info provides additional authentication data in responses to successful requests. Covers digest authentication and session info.
Cache-Control Header: Complete HTTP Caching Guide
Master the Cache-Control header. Learn how to control browser and CDN caching with max-age, no-cache, no-store, and other directives.
Connection Header
Learn how the Connection header controls whether HTTP connections stay open (keep-alive) or close after each request. Optimize with persistent connections.
Content-Disposition Header
Learn how the Content-Disposition header controls whether content displays inline or downloads as an attachment. Set custom filenames for file downloads.
Content-Encoding
Learn how Content-Encoding specifies compression algorithms (gzip, br, deflate) used to encode response bodies. Reduce bandwidth and improve load times.
Content-Language Header
Learn how the Content-Language header specifies the natural language(s) of response content. Understand language tags and internationalization best practices.
Content-Length
Learn how Content-Length specifies the body size in bytes. Essential for progress indicators, connection management, and chunked transfer decisions.
Content-Location Header
Learn how Content-Location indicates an alternate URL for returned content. Useful for content negotiation and identifying canonical resource locations.
Content-Range Header
Learn how the Content-Range header indicates which portion of a resource is being sent in partial content (206) responses for range requests and streaming.
Content-Security-Policy Header
Learn how Content-Security-Policy (CSP) defines security policies to prevent XSS, clickjacking, and code injection. Master CSP directives and best practices.
Content-Type Header: Complete Guide to MIME Types
Learn how the Content-Type header works. Understand MIME types, charset encoding, and how to set the correct content type for APIs, forms, and file uploads.
Cross-Origin-Embedder-Policy
Learn how Cross-Origin-Embedder-Policy (COEP) controls cross-origin resource loading. Required for SharedArrayBuffer and high-resolution timer access.
Cross-Origin-Opener-Policy
Learn how Cross-Origin-Opener-Policy (COOP) isolates your browsing context from cross-origin documents. Required for SharedArrayBuffer and enhanced security.
Cross-Origin-Resource-Policy
Learn how Cross-Origin-Resource-Policy (CORP) blocks no-cors cross-origin requests to protect resources from Spectre attacks and data leaks.
Date Header
Learn how the Date header specifies when the HTTP message was originated by the server. Understand date formats and its role in caching and logging.
Early-Hints
Learn how 103 Early Hints allows servers to send preload hints while preparing the main response. Improve page load performance with early resource loading.
ETag
Learn how the ETag header provides a unique identifier for resource versions, enabling efficient cache validation and conditional requests to reduce bandwidth.
Expires Header
Learn how the Expires header specifies when cached responses become stale. Understand date formats and when to use Expires vs Cache-Control for caching.
Last-Modified
Learn how the Last-Modified header indicates when a resource was last changed. Enable efficient cache validation with If-Modified-Since conditional requests.
Link Header
Learn how the Link header provides resource hints and enables preloading of CSS, fonts, and scripts to improve page load performance and user experience.
Location
Learn how the Location header specifies redirect URLs or the location of newly created resources. Essential for 201, 301, 302, and other redirect responses.
Performance-Timing
Learn about Performance-Timing, a non-standard header for exposing server-side performance metrics to clients. Understand its use cases and alternatives.
Permissions-Policy Header
Learn how the Permissions-Policy header controls which browser features and APIs can be used in your site and embedded iframes. Enhance security and privacy.
Proxy-Authenticate Header
Learn how the Proxy-Authenticate header challenges clients for credentials when accessing resources through a proxy. Understand proxy authentication schemes.
Referrer-Policy Header
Learn how Referrer-Policy controls how much referrer information is sent with requests. Protect user privacy while maintaining analytics functionality.
Refresh Header
Learn how the Refresh header instructs browsers to reload or redirect after a delay. Understand its use cases, limitations, and better alternatives.
Retry-After
Learn how the Retry-After header tells clients how long to wait before retrying a request. Understand its use with 503, 429, and 301 status codes.
Sec-WebSocket-Accept
Learn how the Sec-WebSocket-Accept header indicates server acceptance of a WebSocket connection upgrade. Understand the handshake process and key validation.
Server-Timing Header
Learn how the Server-Timing header communicates server-side performance metrics to browsers. Analyze backend timing, database queries, and optimize performance.
Set-Cookie
Learn how the Set-Cookie header instructs browsers to store cookies with attributes like HttpOnly, Secure, SameSite, and expiration settings.
Strict-Transport-Security Header
Learn how Strict-Transport-Security (HSTS) forces browsers to only communicate over HTTPS, preventing protocol downgrade and man-in-the-middle attacks.
Timing-Allow-Origin
Learn how the Timing-Allow-Origin header specifies which origins can access Resource Timing API data. Enable cross-origin performance monitoring securely.
Transfer-Encoding Header
Learn how the Transfer-Encoding header specifies encoding formats like chunked transfer for streaming responses when content length is unknown beforehand.
Vary
Learn how the Vary header specifies which request headers affect the response. Essential for proper cache differentiation and content negotiation.
Warning Header
Learn about the deprecated Warning header that provided additional status information about message transformations. Understand why it was removed from HTTP.
WWW-Authenticate
Learn how the WWW-Authenticate header specifies authentication methods required to access protected resources. Understand Basic, Bearer, and Digest schemes.
X-Cache Header
Learn how the X-Cache header indicates cache hit or miss status from CDNs and proxies. Debug caching issues and verify CDN configuration with this header.
X-Content-Type-Options Header
Learn how X-Content-Type-Options with nosniff prevents browsers from MIME-sniffing responses. Protect against XSS attacks from content type confusion.
X-Frame-Options Header
Learn how X-Frame-Options prevents clickjacking attacks by controlling whether your site can be embedded in frames, iframes, or objects on other domains.
X-RateLimit Headers
Learn how X-RateLimit headers inform API clients about rate limits, remaining requests, and reset times. Implement proper rate limiting in your applications.
X-Response-Time
Learn how the X-Response-Time header indicates server processing time in milliseconds. Useful for performance monitoring and debugging slow requests.
X-XSS-Protection Header
Deprecated header that enabled browser XSS filters to detect and block reflected cross-site scripting attacks.