Stack Overflow
Stack Overflow

Questions tagged [http-headers]

In the Hypertext Transfer Protocol (HTTP), HTTP header fields contain the operating parameters of an HTTP request or response. With the request or response line (first line of message), they form the message header.

The header fields define various characteristics of the data transfer that is requested, or the data that is provided in the message body.

Header fields start with the field name, terminated with a colon character, followed by the field value. Field names and values may be any application-specific strings, but a core set of fields is standardized by the Internet Engineering Task Force (IETF) in RFC 2616 and other updates and extension documents (e.g. RFC 4229), and are commonly understood by all compliant protocol implementations.

Many parameters may be followed by a quality or 'q' value, giving a weight to use in content negotiation. The HTTP message header is separated from the message body by a blank line.

List of HTTP Header fields

11828 questions
316
votes
16 answers

Axios get access to response header fields

I'm building a frontend app with React and Redux and I'm using axios to perform my requests. I would like to get access to all the fields in the header of the response. In my browser I can inspect the header and I can see that all the fields that I…
TWONEKSONE
  • 3,918
  • 3
  • 19
  • 26
316
votes
4 answers

How to get http headers in flask?

Using Flask, how can I read HTTP headers? I want to check the authorization header which is sent by the client.
emil
  • 6,074
  • 4
  • 30
  • 38
312
votes
10 answers

Passing headers with axios POST request

I have written an Axios POST request as recommended from the npm package documentation like: var data = { 'key1': 'val1', 'key2': 'val2' } axios.post(Helper.getUserAPI(), data) .then((response) => { dispatch({type: FOUND_USER,…
Jagrati
  • 11,474
  • 9
  • 35
  • 56
298
votes
14 answers

How do I force files to open in the browser instead of downloading (PDF)?

Is there a way to force PDF files to open in the browser when the option "Display PDF in browser" is unchecked? I tried using the embed tag and an iframe, but it only works when that option is checked. What can I do?
elloalisboa
  • 3,053
  • 2
  • 17
  • 10
297
votes
33 answers

S3 - Access-Control-Allow-Origin Header

Did anyone manage to add Access-Control-Allow-Origin to the response headers? What I need is something like this:
Wowzaaa
  • 3,730
  • 4
  • 21
  • 23
296
votes
3 answers

What's the point of the X-Requested-With header?

JQuery and other frameworks add the following header: X-Requested-With: XMLHttpRequest Why is this needed? Why would a server want to treat AJAX requests differently than normal requests? UPDATE: I just found a real-life example using this header:…
Gili
  • 86,244
  • 97
  • 390
  • 689
282
votes
3 answers

Content-Disposition:What are the differences between "inline" and "attachment"?

What are the differences between Response.AddHeader("Content-Disposition", "attachment;filename=somefile.ext") and Response.AddHeader("Content-Disposition", "inline;filename=somefile.ext") I don't know the differences , because when I use one or…
Cleiton
  • 17,663
  • 13
  • 46
  • 59
278
votes
6 answers

Difference between application/x-javascript and text/javascript content types

What is the difference between these headers? Content-Type: application/javascript Content-Type: application/x-javascript Content-Type: text/javascript Which one is best and why? Please do not say they are identical - if they were identical there…
Obmerk Kronen
  • 15,619
  • 16
  • 66
  • 105
271
votes
13 answers

How to evaluate http response codes from bash/shell script?

I have the feeling that I'm missing the obvious, but have not succeeded with man [curl|wget] or google ("http" makes such a bad search term). I'm looking for a quick&dirty fix to one of our webservers that frequently fails, returning status code 500…
Olaf Kock
  • 46,930
  • 8
  • 59
  • 90
269
votes
1 answer

What exactly does the Access-Control-Allow-Credentials header do?

I'm trying to understand how to use CORS and am confused about what the Access-Control-Allow-Credentials header does. The documentation says Indicates whether or not the response to the request can be exposed when the credentials flag is…
Nate
  • 26,164
  • 34
  • 130
  • 214
255
votes
15 answers

Set cookies for cross origin requests

How to share cookies cross origin? More specifically, how to use the Set-Cookie header in combination with the header Access-Control-Allow-Origin? Here's an explanation of my situation: I am attempting to set a cookie for an API that is running on…
Pim van der Heijden
  • 6,956
  • 4
  • 16
  • 21
245
votes
10 answers

Adding a HTTP header to the Angular HttpClient doesn't send the header, why?

Here is my code: import { HttpClient, HttpErrorResponse, HttpHeaders } from '@angular/common/http'; logIn(username: string, password: string) { const url = 'http://server.com/index.php'; const body = JSON.stringify({username: username, …
Frennetix
  • 3,269
  • 5
  • 15
  • 23
240
votes
8 answers

Getting HTTP code in PHP using curl

I'm using CURL to get the status of a site, if it's up/down or redirecting to another site. I want to get it as streamlined as possible, but it's not working well.
Aaran McGuire
  • 2,975
  • 3
  • 22
  • 26
238
votes
2 answers

What is the "Upgrade-Insecure-Requests" HTTP header?

I made a POST request to a HTTP (non-HTTPS) site, inspected the request in Chrome's Developer Tools, and found that it added its own header before sending it to the server: Upgrade-Insecure-Requests: 1 After doing a search on…
user193130
  • 8,009
  • 4
  • 36
  • 64
230
votes
6 answers

What is the http-header "X-XSS-Protection"?

So I've been toying around with HTTP for fun in telnet now (i.e. just typing in telnet google.com 80 and putting in random GETs and POSTs with different headers and the like) but I've come across something that google.com transmits in it's headers…
midc111
  • 2,333
  • 2
  • 15
  • 12
1 2
3
99 100