Welcome to Shaun Luttin's public notebook. It contains rough, practical notes. The guiding idea is that, despite what marketing tells us, there are no experts at anything. Sharing our half-baked ideas helps everyone. We're all just muddling thru. Find out more about our work at bigfont.ca.

Common HTTP Headers

Tags: http, web-development


  • METHOD <url> HTTP/1.1. The method includes GET, POST, PUT, DELETE, and OPTIONS. The latter is often for CORS.
  • Referer
  • Accept
  • Accept-Language
  • Access-Control-Request-Method. Used with the OPTIONS method to indicate the actually method the subsequent request will use.
  • Access-Control-Request-Headers. Used with the OPTIONS method to indicate the headers that the application (not the browser) will set in the subsequent request.
  • Origin. The domain of the site making the request. Useful in cross-origin requests (CORS).
  • Accept-Encoding
  • User-Agent. The browser usually sets this.
  • Host. The browser usually sets this.
  • Content-Length. The browser usually sets this.
  • Content-Language
  • Content-Type
  • Last-Event-ID


  • Cache-Control
  • Pragma
  • Content-Type
  • Access-Control-Allow-Origin. Lists the allowed origins in CORS.
  • Access-Control-Allow-Headers. Lists the allowed headers in CORS.
  • Access-Control-Allow-Methods. Lists the allowed methods in CORS.
  • Date
  • Content-Length