HTTP Başlıkları Referansı
HTTP istek ve yanıt başlıklarının aranabilir referans tablosu.
| Başlık | Tür | Kategori | Açıklama |
|---|---|---|---|
| Accept | Request | Content Negotiation | Media types acceptable for the response (e.g. text/html, application/json). |
| Accept-Charset | Request | Content Negotiation | Character sets acceptable for the response. |
| Accept-Encoding | Request | Content Negotiation | Encoding algorithms the client supports (e.g. gzip, deflate, br). |
| Accept-Language | Request | Content Negotiation | Natural languages preferred for the response (e.g. en-US, fr). |
| Authorization | Request | Authentication | Credentials for authenticating the client with the server (e.g. Bearer token). |
| Cookie | Request | State | HTTP cookies previously set by the server, sent back with each request. |
| Expect | Request | Request Control | Indicates that particular server behaviors are required by the client (e.g. 100-continue). |
| Host | Request | Request Target | Domain name and port number of the server being addressed. Required in HTTP/1.1. |
| If-Match | Request | Conditional | Makes the request conditional based on matching ETag values. |
| If-Modified-Since | Request | Conditional | Makes the request conditional based on modification date. |
| If-None-Match | Request | Conditional | Makes the request conditional based on non-matching ETag values. |
| If-Unmodified-Since | Request | Conditional | Makes the request conditional on the resource not being modified since the given date. |
| Origin | Request | CORS | Indicates the origin from which the cross-site request is initiated. |
| Proxy-Authorization | Request | Authentication | Credentials for authenticating with a proxy server. |
| Range | Request | Partial Requests | Requests only part of a resource (e.g. bytes=0-1023 for the first 1 KB). |
| Referer | Request | Request Context | URL of the page from which the request originated. |
| TE | Request | Transfer Encoding | Specifies transfer encodings the client is willing to accept. |
| User-Agent | Request | Request Context | Contains information about the client software making the request. |
| X-Forwarded-For | Request | Proxies | Identifies the originating IP address when the request passes through proxies. |
| X-Requested-With | Request | Custom | Commonly used to identify Ajax requests (value: XMLHttpRequest). |
| Accept-Ranges | Response | Partial Requests | Indicates if the server supports range requests (bytes or none). |
| Age | Response | Caching | Time in seconds the object has been stored in a proxy cache. |
| Allow | Response | Request Methods | HTTP methods allowed for the requested resource (used in 405 responses). |
| Content-Disposition | Response | Response Body | Indicates whether content should be displayed inline or as a file download. |
| Content-Encoding | Response | Response Body | Encoding applied to the response body (e.g. gzip, br). |
| Content-Language | Response | Content Negotiation | Natural language(s) of the response body. |
| Content-Length | Response | Response Body | Size of the response body in bytes. |
| Content-Range | Response | Partial Requests | Indicates the range of bytes sent in a partial content response (206). |
| ETag | Response | Caching | Unique identifier for the specific version of a resource; used for cache validation. |
| Expires | Response | Caching | Date/time after which the response is considered stale. |
| Last-Modified | Response | Caching | Date and time the resource was last modified on the server. |
| Location | Response | Redirects | URL to redirect the client to in 3xx or 201 responses. |
| Proxy-Authenticate | Response | Authentication | Defines the authentication method to use for a proxy (407 response). |
| Retry-After | Response | Request Control | How long to wait before making a new request after a 429 or 503 response. |
| Server | Response | Server Info | Software information about the origin server. |
| Set-Cookie | Response | State | Sends a cookie from the server to the client for storage. |
| Strict-Transport-Security | Response | Security | HSTS: forces browsers to use HTTPS for subsequent requests. |
| Vary | Response | Caching | Tells caches which request headers to use as cache keys. |
| WWW-Authenticate | Response | Authentication | Defines the authentication method for accessing the resource (401 response). |
| X-Content-Type-Options | Response | Security | Prevents MIME sniffing. Use value: nosniff. |
| X-Frame-Options | Response | Security | Controls whether the page can be embedded in an iframe (DENY, SAMEORIGIN). |
| X-XSS-Protection | Response | Security | Enables XSS filtering in older browsers (legacy, mostly deprecated). |
| Cache-Control | Both | Caching | Directives for caching in requests and responses (e.g. no-cache, max-age=3600). |
| Connection | Both | Connection Management | Controls whether the network connection stays open (keep-alive or close). |
| Content-Type | Both | Response Body | Media type of the request or response body (e.g. application/json). |
| Date | Both | Timestamps | Date and time the message was sent. |
| Pragma | Both | Caching | Legacy cache control directive (no-cache). Superseded by Cache-Control. |
| Trailer | Both | Transfer Encoding | Indicates which headers will be present in the trailer of a chunked response. |
| Transfer-Encoding | Both | Transfer Encoding | Encoding applied to the message body for transfer (e.g. chunked). |
| Via | Both | Proxies | Added by proxies to indicate intermediate protocols and recipients. |
| Warning | Both | Request Control | General warnings about possible problems with the message (deprecated in RFC 9110). |
| Access-Control-Allow-Origin | Response | CORS | Specifies which origins are allowed for CORS requests. |
| Access-Control-Allow-Methods | Response | CORS | HTTP methods allowed for CORS preflight responses. |
| Access-Control-Allow-Headers | Response | CORS | HTTP headers allowed in CORS preflight responses. |
| Access-Control-Allow-Credentials | Response | CORS | Indicates if the response can be shared when credentials are included. |
| Access-Control-Max-Age | Response | CORS | How long the preflight response can be cached (in seconds). |
| Cross-Origin-Opener-Policy | Response | Security | Controls the browsing context group for cross-origin documents. |
| Cross-Origin-Resource-Policy | Response | Security | Prevents cross-origin reads of the response in certain contexts. |
| Content-Security-Policy | Response | Security | Specifies allowed sources for content types to prevent XSS and injection attacks. |
| Referrer-Policy | Response | Security | Controls how much referrer information is sent with requests. |
| Permissions-Policy | Response | Security | Controls browser features and APIs that are allowed to be used (formerly Feature-Policy). |
Bu araç hakkında
HTTP başlıkları, her web isteği ve yanıtıyla birlikte gelen ve önbellekleme davranışından kimlik doğrulamaya ve içerik müzakere edilmesine kadar her şeyi kontrol eden meta veri alanlarıdır. HTTP Headers Reference, modern web geliştirmede kullanılan en yaygın ve önemli başlıklara ait aranabilir bir rehberdir ve geliştiricilerin her başlığın ne yaptığını, hangi değerleri kabul ettiğini ve ne zaman kullanacağını hızlıca anlamalarına yardımcı olur.
Bir başlık adını aramanız veya kategorize edilmiş listeyi göz atarak amacı, sözdizimi ve tipik kullanım durumları hakkında ayrıntılı bilgiler bulabilirsiniz. CORS hatasını ayıklıyor olsanız, önbellek denetimini yapılandırıyor olsanız, güvenlik ilkelerini ayarlıyor olsanız veya yönlendirme davranışını anlamaya çalışıyor olsanız, bu başvuru sayfayı terk etmeden ihtiyacınız olan bilgileri sağlar.
Bu araç, arka uç geliştiricileri, ön uç mühendisleri, DevOps uzmanları ve HTTP altyapısını yönetenlerin hepsi için gereklidir. Tarayıcınızda tamamen çalışır ve sunucu çağrıları yoktur, bu da API'ler oluştururken, web sunucuları yapılandırırken veya production ortamında istek başlıklarıyla ilgili sorunları giderirken hızlı ve özel bir çevrimdışı başvuru sağlar.
Sıkça Sorulan Sorular
Comments & Feedback
Comments are powered by Giscus. Sign in with GitHub to leave a comment.