HTTP Headers Reference

A searchable reference of common HTTP request and response headers, what each one does, and example values. Covers caching, content negotiation, CORS, authentication, and security headers. Everything runs locally in your browser.

Secure & Private Client-Side

This tool runs entirely in your browser. No data is sent to any server, ensuring your information remains private and secure.

Frequently Asked Questions

What is the difference between request and response headers?

Request headers are sent by the client to describe the request or the client itself (e.g. Accept, Authorization). Response headers are sent by the server to describe the response (e.g. Content-Type, Cache-Control).

What does the Cache-Control header do?

Cache-Control directs how, and for how long, browsers and proxies may cache a response. Common directives include max-age, no-cache, no-store, and public/private.

Which headers improve security?

Headers like Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, and X-Frame-Options harden a site against common attacks such as protocol downgrade, XSS, and clickjacking.
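
The following added example (not part of the original page or the tool it describes) audits a response's header set for the four headers named above. The function names, the 180-day HSTS threshold, and the sample header sets are assumptions made for illustration.

```javascript
// MIN_HSTS_AGE is an assumed policy threshold (180 days), not a standard.
const MIN_HSTS_AGE = 15552000;

// Parse a CSP value into { directive: [sources] }; the first duplicate wins.
function parseCsp(value) {
  const out = Object.create(null);
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in out)) out[key] = sources;
  }
  return out;
}

// Returns a list of { header, issue } findings; an empty list means all four checks passed.
function auditSecurityHeaders(rawHeaders) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const flag = (header, issue) => findings.push({ header, issue });

  const hsts = h["strict-transport-security"];
  const age = hsts && /max-age\s*=\s*"?(\d+)/i.exec(hsts);
  if (!hsts) flag("Strict-Transport-Security", "missing");
  else if (!age) flag("Strict-Transport-Security", "no max-age");
  else if (Number(age[1]) < MIN_HSTS_AGE) flag("Strict-Transport-Security", "max-age too short");

  const csp = h["content-security-policy"] ? parseCsp(h["content-security-policy"]) : null;
  if (!csp) flag("Content-Security-Policy", "missing");
  else {
    const script = csp["script-src"] || csp["default-src"]; // script-src falls back to default-src
    const pinned = (script || []).some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
    if (!script) flag("Content-Security-Policy", "no script-src or default-src");
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    else if (script.some((s) => s.toLowerCase() === "'unsafe-inline'") && !pinned)
      flag("Content-Security-Policy", "unsafe-inline scripts");
  }

  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") flag("X-Content-Type-Options", "not nosniff");

  // CSP frame-ancestors also restricts framing; its presence counts here (its value is not evaluated).
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN" && !(csp && "frame-ancestors" in csp)) flag("X-Frame-Options", "no framing restriction");
  return findings;
}

// Constructed sample header sets, not captured from a real site.
const weak = { "Strict-Transport-Security": "max-age=300", "content-security-policy": "default-src 'self' 'unsafe-inline'", "X-Frame-Options": "ALLOW-FROM https://a.example" };
const hardened = { "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'", "X-Content-Type-Options": "nosniff" };
console.log(auditSecurityHeaders(weak), auditSecurityHeaders(hardened));
```

The obsolete `ALLOW-FROM` value in the weak set is reported as no framing restriction because modern browsers do not honour it.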

What are CORS headers? expand_more

Cross-Origin Resource Sharing headers such as Access-Control-Allow-Origin tell the browser which origins are allowed to read a response, enabling controlled cross-domain requests.

Common Use Cases

  • Configuring Servers: Look up the exact header name and example value when setting caching or security policies.
  • Hardening Security: Review CSP, HSTS, and X-Frame-Options to protect a site from XSS and clickjacking.
  • Debugging CORS: Understand Origin and Access-Control-Allow-Origin when cross-domain requests fail.
  • Learning HTTP: See which headers are sent by clients vs. servers and what each one controls.