Webmaster in a Nutshell

Previous Chapter 19
HTTP Headers

19.3 Server Response Headers

The response headers described here are used in server responses to communicate information about the server and how it may handle requests.


Accept-Ranges: bytes | none

Indicates the acceptance of range requests for a URI, specifying either the range unit (e.g., bytes) or none if no range requests are accepted.


Age: seconds

Indicates the age of the document in seconds.


Proxy-Authenticate: scheme realm

Indicates the authentication scheme and parameters applicable to the proxy for this URI and the current connection. Used with response 407 (Proxy Authentication Required).


Public: methods

Indicates methods supported by the server as a comma-separated list. Intended for declaration of non-standard methods supported at this site. For methods applicable only to an individual URI, use the Allow header. See Chapter 17, HTTP Overview, for a discussion of request methods.


Retry-After: date | seconds

Used with response code 503 (Service Unavailable). It contains either an integer number of seconds or a GMT date and time (as described by the Date header formats). If the value is an integer, it is interpreted as the number of seconds to wait after the request was issued. For example:

Retry-After: 3600
Retry-After: Sat, 18 May 1996 06:59:37 GMT


Server: string

Contains the name and version number of the server. For example:

Server: NCSA/1.3


Set-Cookie: name=value[; options]

Contains a name/value pair of information to retain for this URL. For browsers supporting Netscape persistent cookies; not included in the HTTP standard. See Chapter 12, Cookies, for more information. Options are:


The cookie becomes invalid after the specified date.


The URL range for which the cookie is valid.


the domain name range for which the cookie is valid.


Return the cookie only under a secure connection.


Vary: * | headers

Specifies that the entity has multiple sources and may therefore vary according to specified list of request header(s). Multiple headers can be listed, separated by commas. An asterisk (*) means that another factor other than the request headers may affect the document that is returned.


Warning: code host[:port] "string"

Indicates additional information to that in the status code, for use by caching proxies. The host field contains the name or pseudonym of the server host, with an optional port number. The two-digit warning codes and their recommended descriptive strings are:

10 Response is stale

The response data is known to be stale.

11 Revalidation failed

The response data is known to be stale because the proxy failed to revalidate the data.

12 Disconnected operation

The cache is disconnected from the network.

13 Heuristic expiration

The data is older than 24 hours and the cache heuristically chose a freshness lifetime greater than 24 hours.

14 Transformation applied

The proxy has changed the encoding or media type of the document, as specified by the Content-Encoding or Content-Type headers.

99 Miscellaneous warning

Arbitrary information to be logged or presented to the user.


WWW-Authenticate: scheme realm

Used with the 401 (Unauthorized) response code. It specifies the authorization scheme and realm of authorization required from a client at the requested URI. Many different authorization realms can exist on a server. A common authorization scheme is BASIC, which requires a username and password. For example:

WWW-Authenticate: BASIC realm="Admin"

When returned to the client, this header indicates that the BASIC type of authorization data in the appropriate realm should be returned in the client's Authorization header.

Previous Home Next
Client Request Headers Book Index Entity Headers

HTML: The Definitive Guide CGI Programming JavaScript: The Definitive Guide Programming Perl WebMaster in a Nutshell
Hosted by uCoz