HTTP Reference Tools
HTTP Headers Dashboard
Look up any common HTTP header to understand its purpose, applicability and security relevance privately in your browser.
HTTP Header Reference
Look up any common HTTP header to understand its purpose, applicability and security relevance - backed by deterministic local reference data.
This dashboard runs entirely from local reference data in your browser. Nothing you type is transmitted, stored, or used to make network requests.
40
Total headers
16
Security-relevant
19
Request headers
29
Response headers
Content & Negotiation
Content & Negotiation
Content-Type
Indicates the media type of the message body, so the recipient knows how to parse it.
Request & ResponseSecurity-relevantStandard
- Example value
- Content-Type: application/json; charset=utf-8
- Common use cases
- Declaring JSON/HTML/form-encoded bodies on requests, and the representation type of a response.
- Common mistakes
- Omitting Content-Type on a request body, or sending a body whose actual bytes don't match the declared type.
- Recommended developer action
- Always set an accurate Content-Type on any message with a body, and pair it with X-Content-Type-Options: nosniff on responses to stop browsers guessing the type themselves.
- Standard reference
- RFC 9110 §8.3
- Notes
- Security-relevant because an incorrect or missing Content-Type can lead browsers to MIME-sniff a response as something more dangerous (for example executable HTML) than intended.
Related headers
Search and filter
Search by header name (for example “cache”) or by phrase (for example “clickjacking” or “cors”).
Applies to
Browse by category
Header library
Common headers
12 of 40 headers