HTTP Response Headers

This page provides a listing of HTTP response headers and what they indicate. The information on this page includes partial quotes from RFC 2616 that are somewhat re-organized.

The response header field is:

Request = Status-Line 	;  
	*(( general-header 	;
	| response-header 	;
	| entity-header ) CRLF) ;
	[ message-body ] 	;

The status-line consists "of the protocol version followed by a numeric status code and its associated textual phrase, with each element separated by SP characters. No CR or LF is allowed except in the final CRLF sequence. The Status-Code element is a 3-digit integer result code of the attempt to understand and satisfy the request. These codes are fully defined in section 10. The Reason-Phrase is intended to give a short textual description of the Status-Code. The Status-Code is intended for use by automata and the Reason-Phrase is intended for the human user. The client is not required to examine or display the Reason- Phrase.

The first digit of the Status-Code defines the class of response. The last two digits do not have any categorization role. There are 5 values for the first digit:

  • 1xx: Informational - Request received, continuing process
    • 100 - Continue
    • 101 - Switching Protocols
  • 2xx: Success - The action was successfully received, understood, and accepted
    • 200 - OK
    • 201 - Created
    • 202 - Accepted
    • 203 - Non-Authoritative Information
    • 204 - No Content
    • 205 - Reset Content
    • 206 - Partial Content
  • 3xx: Redirection - Further action must be taken in order to complete the request
    • 300 - Multiple Choices
    • 301 - Moved Permanently
    • 302 - Found
    • 303 - See Other
    • 304 - Not Modified
    • 305 - Use Proxy
    • 307 - Temporary Redirect
  • 4xx: Client Error - The request contains bad syntax or cannot be fulfilled
    • 400 - Bad Request
    • 401 - Unauthorized
    • 402 - Payment Required
    • 403 - Forbidden
    • 404 - Not Found
    • 405 - Method Not Allowed
    • 406 - Not Acceptable
    • 407 - Proxy Authentication Required
    • 408 - Request Time-out
    • 409 - Conflict
    • 410 - Gone
    • 411 - Length Required
    • 412 - Precondition Failed
    • 413 - Request Entity Too Large
    • 414 - Request-URI Too Large
    • 415 - Unsupported Media Type
    • 416 - Requested range not satisfiable
    • 417 - Expectation Failed
  • 5xx: Server Error - The server failed to fulfill an apparently valid request
    • 500 - Internal Server Error
    • 501 - Not Implemented
    • 502 - Bad Gateway
    • 503 - Service Unavailable
    • 504 - Gateway Time-out
    • 505 - HTTP Version not supported

extension-code = 3DIGIT
Reason-Phrase = *<TEXT, excluding CR, LF>

Response Header

"The response-header fields allow the server to pass additional information about the response which cannot be placed in the Status- Line. These header fields give information about the server and about further access to the resource identified by the Request-URI."

  • Accept-Ranges - The Accept-Ranges response-header field allows the server to indicate its acceptance of range requests for a resource.
  • Age - The Age response-header field conveys the sender's estimate of the amount of time since the response (or its revalidation) was generated at the origin server. A cached response is "fresh" if its age does not exceed its freshness lifetime.
  • ETag - The ETag response-header field provides the current value of the entity tag for the requested variant.
  • Location - The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request. For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.
  • Proxy-Authenticate - The Proxy-Authenticate response-header field MUST be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates the authentication scheme and parameters applicable to the proxy for this Request-URI.
  • Retry-After - The Retry-After response-header field can be used with a 503 (Service Unavailable) response to indicate how long the service is expected to be unavailable to the requesting client.
  • Server - The Server response-header field contains information about the software used by the origin server to handle the request.
  • Vary - The Vary field value indicates the set of request-header fields that fully determines, while the response is fresh, whether a cache is permitted to use the response to reply to a subsequent request without revalidation. For uncacheable or stale responses, the Vary field value advises the user agent about the criteria that were used to select the representation. A Vary field value of "*" implies that a cache cannot determine from the request headers of a subsequent request whether this response is the appropriate representation.
  • WWW-Authenticate - The WWW-Authenticate response-header field MUST be included in 401 (Unauthorized) response messages. The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI.