HTTP 헤더 레퍼런스
HTTP 요청 및 응답 헤더의 검색 가능한 레퍼런스 표.
| 헤더 | 유형 | 카테고리 | 설명 |
|---|---|---|---|
| Accept | Request | Content Negotiation | Media types acceptable for the response (e.g. text/html, application/json). |
| Accept-Charset | Request | Content Negotiation | Character sets acceptable for the response. |
| Accept-Encoding | Request | Content Negotiation | Encoding algorithms the client supports (e.g. gzip, deflate, br). |
| Accept-Language | Request | Content Negotiation | Natural languages preferred for the response (e.g. en-US, fr). |
| Authorization | Request | Authentication | Credentials for authenticating the client with the server (e.g. Bearer token). |
| Cookie | Request | State | HTTP cookies previously set by the server, sent back with each request. |
| Expect | Request | Request Control | Indicates that particular server behaviors are required by the client (e.g. 100-continue). |
| Host | Request | Request Target | Domain name and port number of the server being addressed. Required in HTTP/1.1. |
| If-Match | Request | Conditional | Makes the request conditional based on matching ETag values. |
| If-Modified-Since | Request | Conditional | Makes the request conditional based on modification date. |
| If-None-Match | Request | Conditional | Makes the request conditional based on non-matching ETag values. |
| If-Unmodified-Since | Request | Conditional | Makes the request conditional on the resource not being modified since the given date. |
| Origin | Request | CORS | Indicates the origin from which the cross-site request is initiated. |
| Proxy-Authorization | Request | Authentication | Credentials for authenticating with a proxy server. |
| Range | Request | Partial Requests | Requests only part of a resource (e.g. bytes=0-1023 for the first 1 KB). |
| Referer | Request | Request Context | URL of the page from which the request originated. |
| TE | Request | Transfer Encoding | Specifies transfer encodings the client is willing to accept. |
| User-Agent | Request | Request Context | Contains information about the client software making the request. |
| X-Forwarded-For | Request | Proxies | Identifies the originating IP address when the request passes through proxies. |
| X-Requested-With | Request | Custom | Commonly used to identify Ajax requests (value: XMLHttpRequest). |
| Accept-Ranges | Response | Partial Requests | Indicates if the server supports range requests (bytes or none). |
| Age | Response | Caching | Time in seconds the object has been stored in a proxy cache. |
| Allow | Response | Request Methods | HTTP methods allowed for the requested resource (used in 405 responses). |
| Content-Disposition | Response | Response Body | Indicates whether content should be displayed inline or as a file download. |
| Content-Encoding | Response | Response Body | Encoding applied to the response body (e.g. gzip, br). |
| Content-Language | Response | Content Negotiation | Natural language(s) of the response body. |
| Content-Length | Response | Response Body | Size of the response body in bytes. |
| Content-Range | Response | Partial Requests | Indicates the range of bytes sent in a partial content response (206). |
| ETag | Response | Caching | Unique identifier for the specific version of a resource; used for cache validation. |
| Expires | Response | Caching | Date/time after which the response is considered stale. |
| Last-Modified | Response | Caching | Date and time the resource was last modified on the server. |
| Location | Response | Redirects | URL to redirect the client to in 3xx or 201 responses. |
| Proxy-Authenticate | Response | Authentication | Defines the authentication method to use for a proxy (407 response). |
| Retry-After | Response | Request Control | How long to wait before making a new request after a 429 or 503 response. |
| Server | Response | Server Info | Software information about the origin server. |
| Set-Cookie | Response | State | Sends a cookie from the server to the client for storage. |
| Strict-Transport-Security | Response | Security | HSTS: forces browsers to use HTTPS for subsequent requests. |
| Vary | Response | Caching | Tells caches which request headers to use as cache keys. |
| WWW-Authenticate | Response | Authentication | Defines the authentication method for accessing the resource (401 response). |
| X-Content-Type-Options | Response | Security | Prevents MIME sniffing. Use value: nosniff. |
| X-Frame-Options | Response | Security | Controls whether the page can be embedded in an iframe (DENY, SAMEORIGIN). |
| X-XSS-Protection | Response | Security | Enables XSS filtering in older browsers (legacy, mostly deprecated). |
| Cache-Control | Both | Caching | Directives for caching in requests and responses (e.g. no-cache, max-age=3600). |
| Connection | Both | Connection Management | Controls whether the network connection stays open (keep-alive or close). |
| Content-Type | Both | Response Body | Media type of the request or response body (e.g. application/json). |
| Date | Both | Timestamps | Date and time the message was sent. |
| Pragma | Both | Caching | Legacy cache control directive (no-cache). Superseded by Cache-Control. |
| Trailer | Both | Transfer Encoding | Indicates which headers will be present in the trailer of a chunked response. |
| Transfer-Encoding | Both | Transfer Encoding | Encoding applied to the message body for transfer (e.g. chunked). |
| Via | Both | Proxies | Added by proxies to indicate intermediate protocols and recipients. |
| Warning | Both | Request Control | General warnings about possible problems with the message (deprecated in RFC 9110). |
| Access-Control-Allow-Origin | Response | CORS | Specifies which origins are allowed for CORS requests. |
| Access-Control-Allow-Methods | Response | CORS | HTTP methods allowed for CORS preflight responses. |
| Access-Control-Allow-Headers | Response | CORS | HTTP headers allowed in CORS preflight responses. |
| Access-Control-Allow-Credentials | Response | CORS | Indicates if the response can be shared when credentials are included. |
| Access-Control-Max-Age | Response | CORS | How long the preflight response can be cached (in seconds). |
| Cross-Origin-Opener-Policy | Response | Security | Controls the browsing context group for cross-origin documents. |
| Cross-Origin-Resource-Policy | Response | Security | Prevents cross-origin reads of the response in certain contexts. |
| Content-Security-Policy | Response | Security | Specifies allowed sources for content types to prevent XSS and injection attacks. |
| Referrer-Policy | Response | Security | Controls how much referrer information is sent with requests. |
| Permissions-Policy | Response | Security | Controls browser features and APIs that are allowed to be used (formerly Feature-Policy). |
이 도구 소개
HTTP 헤더는 모든 웹 요청과 응답에 포함되는 메타데이터 필드로, 캐싱 동작부터 인증, 콘텐츠 협상에 이르기까지 모든 것을 제어합니다. HTTP Headers Reference는 최신 웹 개발에서 사용되는 가장 일반적이고 중요한 헤더에 대한 검색 가능한 가이드로, 개발자가 각 헤더의 목적, 허용하는 값, 사용 시기를 빠르게 이해하도록 돕습니다.
헤더 이름을 검색하거나 분류된 목록을 보면서 각 헤더의 목적, 구문, 일반적인 사용 사례에 대한 상세 정보를 찾을 수 있습니다. CORS 오류 디버깅, 캐시 제어 설정, 보안 정책 설정, 또는 리다이렉트 동작 이해 등 어떤 상황이든 이 참고 자료는 불필요한 정보를 걷어내고 페이지를 떠나지 않고도 정확한 정보를 제공합니다.
이 도구는 백엔드 개발자, 프론트엔드 엔지니어, DevOps 전문가, HTTP 인프라를 관리하는 모든 사람에게 필수적입니다. 브라우저에서 완전히 동작하며 서버 호출이 없어서, API 구축, 웹 서버 설정, 또는 프로덕션 환경의 요청 헤더 문제 해결 시 빠르고 안전한 오프라인 참고 자료로 활용할 수 있습니다.
자주 묻는 질문
Comments & Feedback
Comments are powered by Giscus. Sign in with GitHub to leave a comment.