设置http响应标头
Every HTTP response can have a set of headers.
每个HTTP响应都可以具有一组标头。
This post aims to list all those headers, and describe them.
这篇文章旨在列出所有这些标题,并对其进行描述。
标准头 (Standard headers)
Accept-Patch
(Accept-Patch
)
Accept-Patch: text/example;charset=utf-8
Accept-Patch: text/example;charset=utf-8
Specifies which patch document formats this server supports
指定此服务器支持的修补程序文档格式
Accept-Ranges
(Accept-Ranges
)
Accept-Ranges: bytes
Accept-Ranges: bytes
What partial content range types this server supports via byte serving
该服务器通过字节服务支持哪些部分内容范围类型
Age
(Age
)
Age: 12
Age: 12
The age the object has been in a proxy cache in seconds
对象在代理缓存中的存在时间(以秒为单位)
Allow
(Allow
)
Allow: GET, HEAD
Allow: GET, HEAD
Valid methods for a specified resource. To be used for a 405 Method not allowed
指定资源的有效方法。 不允许用于405方法
Alt-Svc
(Alt-Svc
)
Alt-Svc: http/1.1= "http2.example.com:8001"; ma=7200
Alt-Svc: http/1.1= "http2.example.com:8001"; ma=7200
A server uses “Alt-Svc” header (meaning Alternative Services) to indicate that its resources can also be accessed at a different network location (host or port) or using a different protocol. When using HTTP/2, servers should instead send an ALTSVC frame
服务器使用“ Alt-Svc”标头(表示替代服务)表示还可以在其他网络位置(主机或端口)或使用不同的协议访问其资源。 使用HTTP / 2时 ,服务器应改为发送ALTSVC帧
Cache-Control
(Cache-Control
)
Cache-Control: max-age=3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: max-age=3600
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
If no-cache
is used, the Cache-Control
header can tell the browser to never use a cached version of a resource without first checking the ETag value.
如果使用了no-cache
,则Cache-Control
标头可以告诉浏览器从不使用资源的缓存版本,而无需先检查ETag值。
max-age
is measured in seconds
max-age
以秒为单位
The more restrictive no-store
option tells the browser (and all the intermediary network devices) the not even store the resource in its cache:
限制性更强的no-store
选项告诉浏览器(和所有中间网络设备)甚至不将资源存储在其缓存中:
Cache-Control: no-store
Connection
(Connection
)
Connection: close
Connection: close
Control options for the current connection and list of hop-by-hop response fields. Deprecated in HTTP/2
当前连接的控制选项以及逐跳响应字段列表。 在HTTP / 2中已弃用
Content-Disposition
(Content-Disposition
)
Content-Disposition: attachment; filename="file.txt"
Content-Disposition: attachment; filename="file.txt"
An opportunity to raise a “File Download” dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters
有机会针对二进制格式的已知MIME类型引发“文件下载”对话框,或为动态内容建议文件名。 引号必须带有特殊字符
Content-Encoding
(Content-Encoding
)
Content-Encoding: gzip
Content-Encoding: gzip
The type of encoding used on the data. See HTTP compression
数据上使用的编码类型。 请参阅HTTP压缩
Content-Language
(Content-Language
)
Content-Language: en
Content-Language: en
The natural language or languages of the intended audience for the enclosed content
随附内容的预期受众的一种或多种自然语言
Content-Length
(Content-Length
)
Content-Length: 348
Content-Length: 348
The length of the response body expressed in 8-bit bytes
响应主体的长度,以8位字节表示
Content-Location
(Content-Location
)
Content-Location: /index.htm
Content-Location: /index.htm
An alternate location for the returned data
返回数据的备用位置
Content-Range
(Content-Range
)
Content-Range: bytes 21010-47021/47022
Content-Range: bytes 21010-47021/47022
Where in a full body message this partial message belongs
此部分消息在全身消息中的何处
Content-Type
(Content-Type
)
Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
The MIME type of this content
此内容的MIME类型
Date
(Date
)
Date: Tue, 15 Nov 1994 08:12:31 GMT
Date: Tue, 15 Nov 1994 08:12:31 GMT
The date and time that the message was sent (in “HTTP-date” format as defined by RFC 7231)
邮件发送的日期和时间(采用RFC 7231定义的“ HTTP日期”格式)
Delta-Base
(Delta-Base
)
Delta-Base: "abc"
Delta-Base: "abc"
Specifies the delta-encoding entity tag of the response
指定响应的增量编码实体标签
ETag
(ETag
)
ETag: "737060cd8c284d8a[...]"
ETag: "737060cd8c284d8a[...]"
An identifier for a specific version of a resource, often a message digest
资源特定版本的标识符,通常是消息摘要
Expires
(Expires
)
Expires: Sat, 01 Dec 2018 16:00:00 GMT
Expires: Sat, 01 Dec 2018 16:00:00 GMT
Gives the date/time after which the response is considered stale (in “HTTP-date” format as defined by RFC 7231)
给出响应被认为过时的日期/时间(采用RFC 7231定义的“ HTTP-日期”格式)
IM
(IM
)
IM: feed
IM: feed
Instance-manipulations applied to the response
实例操作应用于响应
Last-Modified
(Last-Modified
)
Last-Modified: Mon, 15 Nov 2017 12:00:00 GMT
Last-Modified: Mon, 15 Nov 2017 12:00:00 GMT
The last modified date for the requested object (in “HTTP-date” format as defined by RFC 7231)
所请求对象的最后修改日期(采用RFC 7231定义的“ HTTP日期”格式)
Link
(Link
)
Link: </feed>; rel="alternate"
Link: </feed>; rel="alternate"
Used to express a typed relationship with another resource, where the relation type is defined by RFC 5988
用于表示与另一个资源的类型化关系,其中关系类型由RFC 5988定义
Location
(Location
)
Location: /pub/WWW/People.html
Location: /pub/WWW/People.html
Used in redirection, or when a new resource has been created
用于重定向或创建新资源时
Pragma
(Pragma
)
Pragma: no-cache
Pragma: no-cache
Implementation-specific fields that may have various effects anywhere along the request-response chain.
特定于实现的字段可能会在请求-响应链的任何地方产生各种影响。
Proxy-Authenticate
(Proxy-Authenticate
)
Proxy-Authenticate: Basic
Proxy-Authenticate: Basic
Request authentication to access the proxy
请求身份验证以访问代理
Public-Key-Pins
(Public-Key-Pins
)
HTTP Public Key Pinning, announces hash of website’s authentic TLS certificate
HTTP公钥固定,宣布网站的真实TLS证书的哈希值
Retry-After
(Retry-After
)
Retry-After: 120
Retry-After: Fri, 07 Nov 2014 23:59:59 GMT
Retry-After: 120
Retry-After: Fri, 07 Nov 2014 23:59:59 GMT
If an entity is temporarily unavailable, this instructs the client to try again later. Value could be a specified period of time (in seconds) or a HTTP-date
如果实体暂时不可用,这会指示客户端稍后重试。 值可以是指定的时间段(以秒为单位)或HTTP日期
Server
(Server
)
Server: Apache/2.4.1 (Unix)
Server: Apache/2.4.1 (Unix)
A name for the server
服务器名称
Set-Cookie
(Set-Cookie
)
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
An HTTP cookie
HTTP cookie
Strict-Transport-Security
(Strict-Transport-Security
)
Strict-Transport-Security: max-age=16070400; includeSubDomains
Strict-Transport-Security: max-age=16070400; includeSubDomains
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains
HSTS策略,通知HTTP客户端将仅HTTPS策略缓存多长时间以及这是否适用于子域
Trailer
(Trailer
)
Trailer: Max-Forwards
Trailer: Max-Forwards
The Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer coding
Trailer常规字段值指示给定的报头字段集存在于使用分块传输编码编码的消息的尾部中
Transfer-Encoding
(Transfer-Encoding
)
Transfer-Encoding: chunked
Transfer-Encoding: chunked
The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity. Deprecated in HTTP/2
用于将实体安全地转移给用户的编码形式。 当前定义的方法是:分块,压缩,放气,gzip,标识。 在HTTP / 2中已弃用
Tk
(Tk
)
Tk: ?
Tk: ?
Tracking Status header, value suggested to be sent in response to a DNT(do-not-track), possible values: “!” — under construction “?” — dynamic “G” — gateway to multiple parties “N” — not tracking “T” — tracking “C” — tracking with consent “P” — tracking only if consented “D” — disregarding DNT “U” — updated
跟踪状态标头,建议为响应DNT(不跟踪)而发送的值,可能的值:“!” - 🚧正在施工🚧 ”?” -动态“ G”-通往多方的网关“ N”-不跟踪“ T”-跟踪“ C”-同意跟踪“ P”-仅在同意的情况下跟踪“ D”-忽略DNT“ U”-已更新
Upgrade
(Upgrade
)
Upgrade: h2c, HTTPS/1.3, IRC/6.9, RTA/x11, websocket
Upgrade: h2c, HTTPS/1.3, IRC/6.9, RTA/x11, websocket
Ask the client to upgrade to another protocol. Deprecated in HTTP/2
要求客户端升级到另一个协议。 在HTTP / 2中已弃用
Vary
(Vary
)
Vary: Accept-Language
Vary: *
Vary: Accept-Language
Vary: *
Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server
告诉下游代理如何匹配将来的请求标头,以决定是否可以使用缓存的响应,而不是从原始服务器请求一个新的响应
Via
(Via
)
Via: 1.0 fred, 1.1 example.com (Apache/1.1)
Via: 1.0 fred, 1.1 example.com (Apache/1.1)
Informs the client of proxies through which the response was sent
通知客户端发送响应的代理
Warning
(Warning
)
Warning: 199 Miscellaneous warning
Warning: 199 Miscellaneous warning
A general warning about possible problems with the entity body
关于实体可能存在的问题的一般警告
WWW-Authenticate
(WWW-Authenticate
)
WWW-Authenticate: Basic
WWW-Authenticate: Basic
Indicates the authentication scheme that should be used to access the requested entity
指示用于访问请求的实体的身份验证方案
CORS标头 (CORS headers)
Access-Control-Allow-Origin
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
Access-Control-Allow-Credentials
Access-Control-Expose-Headers
Access-Control-Expose-Headers
Access-Control-Max-Age
Access-Control-Max-Age
Access-Control-Allow-Methods
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Allow-Headers
非标头: (Non-standard headers:)
Content-Security-Policy
(Content-Security-Policy
)
Helps to protect against XSS attacks. See MDN for more details
帮助防御XSS攻击。 有关更多详细信息,请参见MDN
Refresh
(Refresh
)
Refresh: 10;http://www.example.org/
Refresh: 10;http://www.example.org/
Redirect to a URL after an arbitrary delay expressed in seconds
在以秒为单位的任意延迟后重定向到URL
X-Powered-By
(X-Powered-By
)
X-Powered-By: Brain/0.6b
X-Powered-By: Brain/0.6b
Can be used by servers to send their name and version
服务器可以使用其发送其名称和版本
X-Request-ID
(X-Request-ID
)
Allows the server to pass a request ID that clients can send back to let the server correlate the request
允许服务器传递客户端可以发送回的请求ID,以使服务器将请求关联
X-UA-Compatible
(X-UA-Compatible
)
Sets which version of Internet Explorer compatibility layer should be used. Only used if you need to support IE8 or IE9. See StackOverflow
设置应使用哪个版本的Internet Explorer兼容性层。 仅在需要支持IE8或IE9时使用。 请参见StackOverflow
X-XSS-Protection
(X-XSS-Protection
)
Now replaced by the Content-Security-Policy
header, used in older browsers to stop pages load when an XSS attack is detected
现在由Content-Security-Policy
标头替换,该标头在较旧的浏览器中用于检测到XSS攻击时停止页面加载
设置http响应标头