HTTP Header Reference
Request Headers
| Header | Purpose | Example value |
|---|---|---|
| Accept | Content types the client accepts | text/html, application/json |
| Authorization | Authentication credentials | Bearer {token} |
| Content-Type | Request body format | application/json; charset=utf-8 |
| User-Agent | Client software information | Mozilla/5.0 ... |
| Cookie | Session cookie | session=abc123 |
| Referer | URL of the referring page | https://example.com/page |
| Cache-Control | Caching directives | no-cache, max-age=3600 |
| Accept-Language | Preferred languages | zh-CN,zh;q=0.9,en;q=0.8 |
Response Headers
| Header | Purpose | Example value |
|---|---|---|
| Content-Type | Response body format | application/json |
| Set-Cookie | Sets a browser cookie | id=a3; HttpOnly; Secure |
| Location | Redirect URL (3xx) | https://example.com/new |
| Cache-Control | Caching policy | public, max-age=86400 |
| ETag | Resource version tag | "33a64df5" |
| X-Frame-Options | Clickjacking protection | DENY or SAMEORIGIN |
| Access-Control-Allow-Origin | Cross-origin access control (CORS) | * or https://allowed.com |
| Strict-Transport-Security | Enforces HTTPS (HSTS) | max-age=31536000; includeSubDomains |
| Content-Security-Policy | Allowed resource sources | default-src 'self' |