HTTP Headers Reference

General (Connection, Date), Request (Host, User-Agent, Accept, Authorization), Response (Set-Cookie, Location, Server), Entity (Content-Type, Content-Length), Security (CSP, HSTS, X-Frame-Options), CORS (Access-Control-*), and Cache (Cache-Control, ETag).

Yes, every header entry includes a realistic example value (e.g., Content-Type: text/html; charset=utf-8). Use this as a quick reference when debugging or configuring headers.

Cache-Control directives control how browsers and intermediate proxies cache responses. max-age sets the lifetime in seconds, no-cache requires validation before reuse, no-store prevents all caching, private restricts caching to the browser only, and public allows shared caching. Use ETag and Last-Modified for conditional requests.

Content negotiation is when the client tells the server what formats it can handle (Accept header for response type, Accept-Language for language, Accept-Encoding for compression like gzip). The server picks the best available format. This allows the same URL to serve different representations to different clients.

The User-Agent header identifies the browser, operating system, and rendering engine to the server. Servers use it for analytics, browser-specific fixes, and detecting bots. However, User-Agent is easily spoofed — don't use it for security decisions. Feature detection is more reliable than UA sniffing.

Search by header name, description keyword, or category. Filter by category using the chips. Use this when configuring server responses, setting up CORS, or debugging API calls.