Internet Assigned Numbers Authority

Hypertext Transfer Protocol (HTTP) Field Name Registry

Created
2021-10-01
Last Updated
2024-02-16
Available Formats

XML

HTML

Plain text

Registry included below

Hypertext Transfer Protocol (HTTP) Field Name Registry

Registration Procedure(s)
Specification Required for Permanent registrations,
Expert Review for Provisional registrations. 
    
Expert(s)
Mark Nottingham, Roy Fielding
Reference
[RFC9110]
Note
See Section 16.3 of [RFC9110] for more
information on defining and registering new HTTP Fields.
    
Note
New field names, along with changes to existing ones, can be 
requested using the [registry interface] or the mailing list
defined in [RFC9110].
    
Available Formats

CSV
Field Name Template Status Reference Comments
A-IM permanent [RFC 3229: Delta encoding in HTTP]
Accept permanent [RFC9110, Section 12.5.1: HTTP Semantics]
Accept-Additions permanent [RFC 2324: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)]
Accept-CH permanent [RFC 8942, Section 3.1: HTTP Client Hints]
Accept-Charset deprecated [RFC9110, Section 12.5.2: HTTP Semantics]
Accept-Datetime permanent [RFC 7089: HTTP Framework for Time-Based Access to Resource States -- Memento]
Accept-Encoding permanent [RFC9110, Section 12.5.3: HTTP Semantics]
Accept-Features permanent [RFC 2295: Transparent Content Negotiation in HTTP]
Accept-Language permanent [RFC9110, Section 12.5.4: HTTP Semantics]
Accept-Patch permanent [RFC 5789: PATCH Method for HTTP]
Accept-Post perm/accept-post permanent [Linked Data Platform 1.0]
Accept-Ranges permanent [RFC9110, Section 14.3: HTTP Semantics]
Accept-Signature permanent [RFC 9421, Section 5.1: HTTP Message Signatures]
Access-Control obsoleted [Access Control for Cross-site Requests]
Access-Control-Allow-Credentials permanent [Fetch]
Access-Control-Allow-Headers permanent [Fetch]
Access-Control-Allow-Methods permanent [Fetch]
Access-Control-Allow-Origin permanent [Fetch]
Access-Control-Expose-Headers permanent [Fetch]
Access-Control-Max-Age permanent [Fetch]
Access-Control-Request-Headers permanent [Fetch]
Access-Control-Request-Method permanent [Fetch]
Age permanent [RFC9111, Section 5.1: HTTP Caching]
Allow permanent [RFC9110, Section 10.2.1: HTTP Semantics]
ALPN permanent [RFC 7639, Section 2: The ALPN HTTP Header Field]
Alt-Svc permanent [RFC 7838: HTTP Alternative Services]
Alt-Used permanent [RFC 7838: HTTP Alternative Services]
Alternates permanent [RFC 2295: Transparent Content Negotiation in HTTP]
AMP-Cache-Transform provisional [AMP-Cache-Transform HTTP request header]
Apply-To-Redirect-Ref permanent [RFC 4437: Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources]
Authentication-Control permanent [RFC 8053, Section 4: HTTP Authentication Extensions for Interactive Clients]
Authentication-Info permanent [RFC9110, Section 11.6.3: HTTP Semantics]
Authorization permanent [RFC9110, Section 11.6.2: HTTP Semantics]
C-Ext obsoleted [RFC 2774: An HTTP Extension Framework][status-change-http-experiments-to-historic]
C-Man obsoleted [RFC 2774: An HTTP Extension Framework][status-change-http-experiments-to-historic]
C-Opt obsoleted [RFC 2774: An HTTP Extension Framework][status-change-http-experiments-to-historic]
C-PEP obsoleted [PEP - an Extension Mechanism for HTTP][status-change-http-experiments-to-historic]
C-PEP-Info deprecated [PEP - an Extension Mechanism for HTTP][status-change-http-experiments-to-historic]
Cache-Control permanent [RFC9111, Section 5.2]
Cache-Status permanent [RFC9211: The Cache-Status HTTP Response Header Field]
Cal-Managed-ID permanent [RFC 8607, Section 5.1: Calendaring Extensions to WebDAV (CalDAV): Managed Attachments]
CalDAV-Timezones permanent [RFC 7809, Section 7.1: Calendaring Extensions to WebDAV (CalDAV): Time Zones by Reference]
Capsule-Protocol permanent [RFC9297]
CDN-Cache-Control permanent [RFC9213: Targeted HTTP Cache Control] Cache directives targeted at content delivery networks
CDN-Loop permanent [RFC 8586: Loop Detection in Content Delivery Networks (CDNs)]
Cert-Not-After permanent [RFC 8739, Section 3.3: Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME)]
Cert-Not-Before permanent [RFC 8739, Section 3.3: Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME)]
Clear-Site-Data permanent [Clear Site Data]
Client-Cert permanent [RFC9440, Section 2: Client-Cert HTTP Header Field]
Client-Cert-Chain permanent [RFC9440, Section 2: Client-Cert HTTP Header Field]
Close permanent [RFC9112, Section 9.6: HTTP/1.1] (reserved)
Configuration-Context provisional [OSLC Configuration Management Version 1.0. Part 3: Configuration Specification]
Connection permanent [RFC9110, Section 7.6.1: HTTP Semantics]
Content-Base obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1][RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1]
Content-Digest permanent [RFC 9530, Section 2: Digest Fields]
Content-Disposition permanent [RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)]
Content-Encoding permanent [RFC9110, Section 8.4: HTTP Semantics]
Content-ID deprecated [The HTTP Distribution and Replication Protocol]
Content-Language permanent [RFC9110, Section 8.5: HTTP Semantics]
Content-Length permanent [RFC9110, Section 8.6: HTTP Semantics]
Content-Location permanent [RFC9110, Section 8.7: HTTP Semantics]
Content-MD5 obsoleted [RFC 2616, Section 14.15: Hypertext Transfer Protocol -- HTTP/1.1][RFC 7231, Appendix B: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content]
Content-Range permanent [RFC9110, Section 14.4: HTTP Semantics]
Content-Script-Type obsoleted [HTML 4.01 Specification]
Content-Security-Policy permanent [Content Security Policy Level 3]
Content-Security-Policy-Report-Only permanent [Content Security Policy Level 3]
Content-Style-Type obsoleted [HTML 4.01 Specification]
Content-Type permanent [RFC9110, Section 8.3: HTTP Semantics]
Content-Version obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Cookie permanent [RFC 6265: HTTP State Management Mechanism]
Cookie2 obsoleted [RFC 2965: HTTP State Management Mechanism][RFC 6265: HTTP State Management Mechanism]
Cross-Origin-Embedder-Policy permanent [HTML]
Cross-Origin-Embedder-Policy-Report-Only permanent [HTML]
Cross-Origin-Opener-Policy permanent [HTML]
Cross-Origin-Opener-Policy-Report-Only permanent [HTML]
Cross-Origin-Resource-Policy permanent [Fetch]
DASL permanent [RFC 5323: Web Distributed Authoring and Versioning (WebDAV) SEARCH]
Date permanent [RFC9110, Section 6.6.1: HTTP Semantics]
DAV permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Default-Style obsoleted [HTML 4.01 Specification]
Delta-Base permanent [RFC 3229: Delta encoding in HTTP]
Depth permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Derived-From obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Destination permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Differential-ID deprecated [The HTTP Distribution and Replication Protocol]
Digest obsoleted [RFC 3230: Instance Digests in HTTP][RFC 9530, Section 1.3: Digest Fields]
DPoP permanent [RFC9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP)]
DPoP-Nonce permanent [RFC9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP)]
Early-Data permanent [RFC 8470: Using Early Data in HTTP]
EDIINT-Features provisional [RFC 6017: Electronic Data Interchange - Internet Integration (EDIINT) Features Header Field]
ETag permanent [RFC9110, Section 8.8.3: HTTP Semantics]
Expect permanent [RFC9110, Section 10.1.1: HTTP Semantics]
Expect-CT deprecated [RFC9163: Expect-CT Extension for HTTP][IESG][HTTPBIS]
Expires permanent [RFC9111, Section 5.3: HTTP Caching]
Ext obsoleted [RFC 2774: An HTTP Extension Framework][status-change-http-experiments-to-historic]
Forwarded permanent [RFC 7239: Forwarded HTTP Extension]
From permanent [RFC9110, Section 10.1.2: HTTP Semantics]
GetProfile obsoleted [Implementation of OPS Over HTTP]
Hobareg permanent [RFC 7486, Section 6.1.1: HTTP Origin-Bound Authentication (HOBA)]
Host permanent [RFC9110, Section 7.2: HTTP Semantics]
HTTP2-Settings obsoleted [RFC 7540, Section 3.2.1: Hypertext Transfer Protocol Version 2 (HTTP/2)] Obsolete; see Section 11.1 of [RFC9113]
If permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
If-Match permanent [RFC9110, Section 13.1.1: HTTP Semantics]
If-Modified-Since permanent [RFC9110, Section 13.1.3: HTTP Semantics]
If-None-Match permanent [RFC9110, Section 13.1.2: HTTP Semantics]
If-Range permanent [RFC9110, Section 13.1.5: HTTP Semantics]
If-Schedule-Tag-Match permanent [ RFC 6338: Scheduling Extensions to CalDAV]
If-Unmodified-Since permanent [RFC9110, Section 13.1.4: HTTP Semantics]
IM permanent [RFC 3229: Delta encoding in HTTP]
Include-Referred-Token-Binding-ID permanent [RFC 8473: Token Binding over HTTP]
Isolation prov/isolation provisional [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
Keep-Alive permanent [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Label permanent [RFC 3253: Versioning Extensions to WebDAV: (Web Distributed Authoring and Versioning)]
Last-Event-ID permanent [HTML]
Last-Modified permanent [RFC9110, Section 8.8.2: HTTP Semantics]
Link permanent [RFC 8288: Web Linking]
Location permanent [RFC9110, Section 10.2.2: HTTP Semantics]
Lock-Token permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Man obsoleted [RFC 2774: An HTTP Extension Framework][status-change-http-experiments-to-historic]
Max-Forwards permanent [RFC9110, Section 7.6.2: HTTP Semantics]
Memento-Datetime permanent [RFC 7089: HTTP Framework for Time-Based Access to Resource States -- Memento]
Meter permanent [RFC 2227: Simple Hit-Metering and Usage-Limiting for HTTP]
Method-Check obsoleted [Access Control for Cross-site Requests]
Method-Check-Expires obsoleted [Access Control for Cross-site Requests]
MIME-Version permanent [RFC9112, Appendix B.1: HTTP/1.1]
Negotiate permanent [RFC 2295: Transparent Content Negotiation in HTTP]
NEL permanent [Network Error Logging]
OData-EntityId perm/odata-entityid permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-Isolation perm/odata-isolation permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-MaxVersion perm/odata-maxversion permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-Version perm/odata-version permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
Opt obsoleted [RFC 2774: An HTTP Extension Framework][status-change-http-experiments-to-historic]
Optional-WWW-Authenticate permanent [RFC 8053, Section 3: HTTP Authentication Extensions for Interactive Clients]
Ordering-Type permanent [RFC 3648: Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol]
Origin permanent [RFC 6454: The Web Origin Concept]
Origin-Agent-Cluster permanent [HTML]
OSCORE permanent [RFC 8613, Section 11.1: Object Security for Constrained RESTful Environments (OSCORE)]
OSLC-Core-Version permanent [OASIS Project Specification 01][OASIS][Chet_Ensign]
Overwrite permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
P3P obsoleted [The Platform for Privacy Preferences 1.0 (P3P1.0) Specification]
PEP obsoleted [PEP - an Extension Mechanism for HTTP]
PEP-Info obsoleted [PEP - an Extension Mechanism for HTTP]
Permissions-Policy provisional [Permissions Policy]
PICS-Label obsoleted [PICS Label Distribution Label Syntax and Communication Protocols]
Ping-From permanent [HTML]
Ping-To permanent [HTML]
Position permanent [RFC 3648: Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol]
Pragma deprecated [RFC9111, Section 5.4: HTTP Caching]
Prefer permanent [RFC 7240: Prefer Header for HTTP]
Preference-Applied permanent [RFC 7240: Prefer Header for HTTP]
Priority permanent [RFC9218: Extensible Prioritization Scheme for HTTP]
ProfileObject obsoleted [Implementation of OPS Over HTTP]
Protocol obsoleted [PICS Label Distribution Label Syntax and Communication Protocols]
Protocol-Info deprecated [White Paper: Joint Electronic Payment Initiative]
Protocol-Query deprecated [White Paper: Joint Electronic Payment Initiative]
Protocol-Request obsoleted [PICS Label Distribution Label Syntax and Communication Protocols]
Proxy-Authenticate permanent [RFC9110, Section 11.7.1: HTTP Semantics]
Proxy-Authentication-Info permanent [RFC9110, Section 11.7.3: HTTP Semantics]
Proxy-Authorization permanent [RFC9110, Section 11.7.2: HTTP Semantics]
Proxy-Features obsoleted [Notification for Proxy Caches]
Proxy-Instruction obsoleted [Notification for Proxy Caches]
Proxy-Status permanent [RFC9209: The Proxy-Status HTTP Response Header Field]
Public obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Public-Key-Pins permanent [RFC 7469: Public Key Pinning Extension for HTTP]
Public-Key-Pins-Report-Only permanent [RFC 7469: Public Key Pinning Extension for HTTP]
Range permanent [RFC9110, Section 14.2: HTTP Semantics]
Redirect-Ref permanent [RFC 4437: Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources]
Referer permanent [RFC9110, Section 10.1.3: HTTP Semantics]
Referer-Root obsoleted [Access Control for Cross-site Requests]
Refresh permanent [HTML]
Repeatability-Client-ID prov/repeatability-client-id provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-First-Sent prov/repeatability-first-sent provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-Request-ID prov/repeatability-request-id provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-Result prov/repeatability-result provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Replay-Nonce permanent [RFC 8555, Section 6.5.1: Automatic Certificate Management Environment (ACME)]
Reporting-Endpoints provisional [Reporting API]
Repr-Digest permanent [RFC 9530, Section 3: Digest Fields]
Retry-After permanent [RFC9110, Section 10.2.3: HTTP Semantics]
Safe obsoleted [RFC 2310: The Safe Response Header Field][status-change-http-experiments-to-historic]
Schedule-Reply permanent [RFC 6638: Scheduling Extensions to CalDAV]
Schedule-Tag permanent [RFC 6338: Scheduling Extensions to CalDAV]
Sec-GPC provisional [Global Privacy Control (GPC)]
Sec-Purpose permanent [Fetch] Intended to replace the (not registered) Purpose and x-moz headers.
Sec-Token-Binding permanent [RFC 8473: Token Binding over HTTP]
Sec-WebSocket-Accept permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Extensions permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Key permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Protocol permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Version permanent [RFC 6455: The WebSocket Protocol]
Security-Scheme obsoleted [RFC 2660: The Secure HyperText Transfer Protocol][status-change-http-experiments-to-historic]
Server permanent [RFC9110, Section 10.2.4: HTTP Semantics]
Server-Timing permanent [Server Timing]
Set-Cookie permanent [RFC 6265: HTTP State Management Mechanism]
Set-Cookie2 obsoleted [RFC 2965: HTTP State Management Mechanism][RFC 6265: HTTP State Management Mechanism]
SetProfile obsoleted [Implementation of OPS Over HTTP]
Signature permanent [RFC 9421, Section 4.2: HTTP Message Signatures]
Signature-Input permanent [RFC 9421, Section 4.1: HTTP Message Signatures]
SLUG permanent [RFC 5023: The Atom Publishing Protocol]
SoapAction permanent [Simple Object Access Protocol (SOAP) 1.1]
Status-URI permanent [RFC 2518: HTTP Extensions for Distributed Authoring -- WEBDAV]
Strict-Transport-Security permanent [RFC 6797: HTTP Strict Transport Security (HSTS)]
Sunset permanent [RFC 8594: The Sunset HTTP Header Field]
Surrogate-Capability provisional [Edge Architecture Specification]
Surrogate-Control provisional [Edge Architecture Specification]
TCN permanent [RFC 2295: Transparent Content Negotiation in HTTP]
TE permanent [RFC9110, Section 10.1.4: HTTP Semantics]
Timeout permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Timing-Allow-Origin prov/timing-allow-origin provisional [Resource Timing Level 1]
Topic permanent [RFC 8030, Section 5.4: Generic Event Delivery Using HTTP Push]
Traceparent permanent [Trace Context]
Tracestate permanent [Trace Context]
Trailer permanent [RFC9110, Section 6.6.2: HTTP Semantics]
Transfer-Encoding permanent [RFC9112, Section 6.1: HTTP Semantics]
TTL permanent [RFC 8030, Section 5.2: Generic Event Delivery Using HTTP Push]
Upgrade permanent [RFC9110, Section 7.8: HTTP Semantics]
Urgency permanent [RFC 8030, Section 5.3: Generic Event Delivery Using HTTP Push]
URI obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
User-Agent permanent [RFC9110, Section 10.1.5: HTTP Semantics]
Variant-Vary permanent [RFC 2295: Transparent Content Negotiation in HTTP]
Vary permanent [RFC9110, Section 12.5.5: HTTP Semantics]
Via permanent [RFC9110, Section 7.6.3: HTTP Semantics]
Want-Content-Digest permanent [RFC 9530, Section 4: Digest Fields]
Want-Digest obsoleted [RFC 3230: Instance Digests in HTTP][RFC 9530, Section 1.3: Digest Fields]
Want-Repr-Digest permanent [RFC 9530, Section 4: Digest Fields]
Warning obsoleted [RFC9111, Section 5.5: HTTP Caching]
WWW-Authenticate permanent [RFC9110, Section 11.6.1: HTTP Semantics]
X-Content-Type-Options permanent [Fetch]
X-Frame-Options permanent [HTML]
* permanent [RFC9110, Section 12.5.5: HTTP Semantics] (reserved)

Contact Information

ID Name Contact URI Last Updated
[Chet_Ensign] Chet Ensign mailto:chet.ensign&oasis-open.org 2020-09-01
[OASIS] OASIS https://www.oasis-open.org