Server Response Headers

The response headers described here are used in server responses to communicate information about the server and how it may handle requests.

Accept-Ranges

Accept-Ranges: bytes | none

Indicates the acceptance of range requests for a URI, specifying either the range unit (e.g., bytes) or none if no range requests are accepted.

Age

Age: seconds

Indicates the age of the document in seconds.

Proxy-Authenticate

Proxy-Authenticate: scheme realm

Indicates the authentication scheme and parameters applicable to the proxy for this URI and the current connection. Used with response 407 (Proxy Authentication Required).

Public

Public: methods

Indicates methods supported by the server as a comma-separated list. Intended for declaration of non-standard methods supported at this site. For methods applicable only to an individual URI, use the Allow header. See HTTP Overview, for a discussion of request methods.

Retry-After

Retry-After: date | seconds

Used with response code 503 (Service Unavailable). It contains either an integer number of seconds or a GMT date and time (as described by the Date header formats). If the value is an integer, it is interpreted as the number of seconds to wait after the request was issued. For example:

Retry-After: 3600 Retry-After: Sat, 18 May 1996 06:59:37 GMT 

Server

Server: string

Contains the name and version number of the server. For example:

Server: NCSA/1.3 

Set-Cookie

Set-Cookie: name=value[; options]

Contains a name/value pair of information to retain for this URL. For browsers supporting Netscape persistent cookies; not included in the HTTP standard. See Cookies, for more information. Options are:

• expires=date
• The cookie becomes invalid after the specified date.
• path=pathname
• The URL range for which the cookie is valid.
• domain=domain_name
• the domain name range for which the cookie is valid.
• secure
• Return the cookie only under a secure connection.

Vary

Vary: * | headers

Specifies that the entity has multiple sources and may therefore vary according to specified list of request header(s). Multiple headers can be listed, separated by commas. An asterisk (*) means that another factor other than the request headers may affect the document that is returned.

Warning

Warning: code host[:port] "string"

Indicates additional information to that in the status code, for use by caching proxies. The host field contains the name or pseudonym of the server host, with an optional port number. The two-digit warning codes and their recommended descriptive strings are:

• 10 Response is stale
• The response data is known to be stale.
• 11 Revalidation failed
• The response data is known to be stale because the proxy failed to revalidate the data.
• 12 Disconnected operation
• The cache is disconnected from the network.
• 13 Heuristic expiration
• The data is older than 24 hours and the cache heuristically chose a freshness lifetime greater than 24 hours.
• 14 Transformation applied
• The proxy has changed the encoding or media type of the document, as specified by the Content-Encoding or Content-Type headers.
• 99 Miscellaneous warning
• Arbitrary information to be logged or presented to the user.

WWW-Authenticate

WWW-Authenticate: scheme realm

Used with the 401 (Unauthorized) response code. It specifies the authorization scheme and realm of authorization required from a client at the requested URI. Many different authorization realms can exist on a server. A common authorization scheme is BASIC, which requires a username and password. For example:

WWW-Authenticate: BASIC realm="Admin" 

When returned to the client, this header indicates that the BASIC type of authorization data in the appropriate realm should be returned in the client's Authorization header.