Utilumo
LightDarkSystem

Updated June 29, 2026

Common HTTP headers reference

HTTP headers carry metadata about a request or response. This sheet lists the everyday ones, grouped into request and response headers. For safety-focused headers, see the HTTP security headers reference.

Request headers

HeaderWhat it does
AcceptWhich response formats the client can handle.
Accept-EncodingCompression the client supports, like gzip or br.
AuthorizationCredentials, such as a Bearer token.
Content-TypeThe format of the request body being sent.
CookieCookies the client is sending back.
User-AgentIdentifies the client app and version.
OriginThe origin making a cross-site request.
RefererThe page the request came from.

Response headers

HeaderWhat it does
Content-TypeThe format of the response body, like application/json.
Content-LengthThe size of the response body in bytes.
Content-EncodingCompression applied to the body, like gzip.
Cache-ControlHow and how long the response may be cached.
ETagA version tag used for cache validation.
Set-CookieAsks the client to store a cookie.
LocationThe target URL for a redirect.
Access-Control-Allow-OriginWhich origins may read the response (CORS).
Header names are case-insensitiveContent-Type and content-type are the same header. HTTP/2 and HTTP/3 send header names in lowercase.

References

Questions

What is the difference between Content-Type and Accept?

Content-Type describes the format of the body actually being sent. Accept is a request header saying which formats the client would like back. They serve opposite directions.

What does Cache-Control: no-store mean?

It tells caches not to store the response at all, so every request goes to the server. It is used for sensitive or always-fresh data.