Internet Assigned Numbers Authority

Hypertext Transfer Protocol (HTTP) Field Name Registry

Created
2021-10-01
Last Updated
2025-04-01
Available Formats

XML
HTML
Plain text

Registry Included Below

Hypertext Transfer Protocol (HTTP) Field Name Registry

Registration Procedure(s)
Specification Required for Permanent registrations,
Expert Review for Provisional registrations.
Expert(s)
Mark Nottingham, Roy Fielding
Reference
[RFC9110][RFC9651]
Note
See Section 16.3 of [RFC9110] for more
information on defining and registering new HTTP Fields.
Note
New field names, along with changes to existing ones, can be 
requested using the [registry interface] or the mailing list
defined in [RFC9110].
Note
The "Structured Type" column indicates the type of the field (per 
[RFC9651]),  if any, and may be "Dictionary", "List", or "Item".

Note that field names beginning with characters other than ALPHA
or "*" will not be able to be represented as a Structured Fields
Token and therefore may be incompatible with being mapped into
field values that refer to it.
Available Formats

CSV
Field Name Status Structured Type Reference Comments
A-IM permanent [RFC 3229: Delta encoding in HTTP]
Accept permanent [RFC9110, Section 12.5.1: HTTP Semantics]
Accept-Additions permanent [RFC 2324: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)]
Accept-CH permanent List [RFC 8942, Section 3.1: HTTP Client Hints]
Accept-Charset deprecated [RFC9110, Section 12.5.2: HTTP Semantics]
Accept-Datetime permanent [RFC 7089: HTTP Framework for Time-Based Access to Resource States -- Memento]
Accept-Encoding permanent [RFC9110, Section 12.5.3: HTTP Semantics]
Accept-Features permanent [RFC 2295: Transparent Content Negotiation in HTTP]
Accept-Language permanent [RFC9110, Section 12.5.4: HTTP Semantics]
Accept-Patch permanent [RFC 5789: PATCH Method for HTTP]
Accept-Post permanent [Linked Data Platform 1.0]
Accept-Ranges permanent [RFC9110, Section 14.3: HTTP Semantics]
Accept-Signature permanent [RFC 9421, Section 5.1: HTTP Message Signatures]
Access-Control obsoleted [Access Control for Cross-site Requests]
Access-Control-Allow-Credentials permanent [Fetch]
Access-Control-Allow-Headers permanent [Fetch]
Access-Control-Allow-Methods permanent [Fetch]
Access-Control-Allow-Origin permanent [Fetch]
Access-Control-Expose-Headers permanent [Fetch]
Access-Control-Max-Age permanent [Fetch]
Access-Control-Request-Headers permanent [Fetch]
Access-Control-Request-Method permanent [Fetch]
Activate-Storage-Access provisional Item [https://privacycg.github.io/storage-access-headers]
Age permanent [RFC9111, Section 5.1: HTTP Caching]
Allow permanent [RFC9110, Section 10.2.1: HTTP Semantics]
ALPN permanent [RFC 7639, Section 2: The ALPN HTTP Header Field]
Alt-Svc permanent [RFC 7838: HTTP Alternative Services]
Alt-Used permanent [RFC 7838: HTTP Alternative Services]
Alternates permanent [RFC 2295: Transparent Content Negotiation in HTTP]
AMP-Cache-Transform provisional [AMP-Cache-Transform HTTP request header]
Apply-To-Redirect-Ref permanent [RFC 4437: Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources]
Authentication-Control permanent [RFC 8053, Section 4: HTTP Authentication Extensions for Interactive Clients]
Authentication-Info permanent [RFC9110, Section 11.6.3: HTTP Semantics]
Authorization permanent [RFC9110, Section 11.6.2: HTTP Semantics]
Available-Dictionary permanent [RFC-ietf-httpbis-compression-dictionary-19, Section 2.2: Compression Dictionary Transport]
C-Ext obsoleted [RFC 2774: An HTTP Extension Framework] [Status change of HTTP experiments to Historic]
C-Man obsoleted [RFC 2774: An HTTP Extension Framework] [Status change of HTTP experiments to Historic]
C-Opt obsoleted [RFC 2774: An HTTP Extension Framework] [Status change of HTTP experiments to Historic]
C-PEP obsoleted [PEP - an Extension Mechanism for HTTP] [Status change of HTTP experiments to Historic]
C-PEP-Info deprecated [PEP - an Extension Mechanism for HTTP] [Status change of HTTP experiments to Historic]
Cache-Control permanent [RFC9111, Section 5.2]
Cache-Status permanent List [RFC9211: The Cache-Status HTTP Response Header Field]
Cal-Managed-ID permanent [RFC 8607, Section 5.1: Calendaring Extensions to WebDAV (CalDAV): Managed Attachments]
CalDAV-Timezones permanent [RFC 7809, Section 7.1: Calendaring Extensions to WebDAV (CalDAV): Time Zones by Reference]
Capsule-Protocol permanent [RFC9297]
CDN-Cache-Control permanent Dictionary [RFC9213: Targeted HTTP Cache Control] Cache directives targeted at content delivery networks
CDN-Loop permanent [RFC 8586: Loop Detection in Content Delivery Networks (CDNs)]
Cert-Not-After permanent [RFC 8739, Section 3.3: Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME)]
Cert-Not-Before permanent [RFC 8739, Section 3.3: Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME)]
Clear-Site-Data permanent [Clear Site Data]
Client-Cert permanent Item [RFC9440, Section 2: Client-Cert HTTP Header Field]
Client-Cert-Chain permanent List [RFC9440, Section 2: Client-Cert HTTP Header Field]
Close permanent [RFC9112, Section 9.6: HTTP/1.1] (reserved)
CMCD-Object provisional [CTA][CTA-5004 Common Media Client Data]
CMCD-Request provisional [CTA][CTA-5004 Common Media Client Data]
CMCD-Session provisional [CTA][CTA-5004 Common Media Client Data]
CMCD-Status provisional [CTA][CTA-5004 Common Media Client Data]
CMSD-Dynamic provisional [CTA][CTA-5006 Common Media Server Data (CMSD)]
CMSD-Static provisional [CTA][CTA-5006 Common Media Server Data (CMSD)]
Concealed-Auth-Export permanent Item [RFC9729: The Concealed HTTP Authentication Scheme]
Configuration-Context provisional [OSLC Configuration Management Version 1.0. Part 3: Configuration Specification]
Connection permanent [RFC9110, Section 7.6.1: HTTP Semantics]
Content-Base obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1] Obsoleted by [RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1]
Content-Digest permanent [RFC 9530, Section 2: Digest Fields]
Content-Disposition permanent [RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)]
Content-Encoding permanent [RFC9110, Section 8.4: HTTP Semantics]
Content-ID deprecated [The HTTP Distribution and Replication Protocol]
Content-Language permanent [RFC9110, Section 8.5: HTTP Semantics]
Content-Length permanent [RFC9110, Section 8.6: HTTP Semantics]
Content-Location permanent [RFC9110, Section 8.7: HTTP Semantics]
Content-MD5 obsoleted [RFC 2616, Section 14.15: Hypertext Transfer Protocol -- HTTP/1.1] Obsoleted by [RFC 7231, Appendix B: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content]
Content-Range permanent [RFC9110, Section 14.4: HTTP Semantics]
Content-Script-Type obsoleted [HTML 4.01 Specification]
Content-Security-Policy permanent [Content Security Policy Level 3]
Content-Security-Policy-Report-Only permanent [Content Security Policy Level 3]
Content-Style-Type obsoleted [HTML 4.01 Specification]
Content-Type permanent [RFC9110, Section 8.3: HTTP Semantics]
Content-Version obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Cookie permanent [RFC 6265: HTTP State Management Mechanism]
Cookie2 obsoleted [RFC 2965: HTTP State Management Mechanism] Obsoleted by [RFC 6265: HTTP State Management Mechanism]
Cross-Origin-Embedder-Policy permanent Item [HTML]
Cross-Origin-Embedder-Policy-Report-Only permanent Item [HTML]
Cross-Origin-Opener-Policy permanent Item [HTML]
Cross-Origin-Opener-Policy-Report-Only permanent Item [HTML]
Cross-Origin-Resource-Policy permanent [Fetch]
CTA-Common-Access-Token provisional [CTA][Chris_Lemmons]
DASL permanent [RFC 5323: Web Distributed Authoring and Versioning (WebDAV) SEARCH]
Date permanent [RFC9110, Section 6.6.1: HTTP Semantics]
DAV permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Default-Style obsoleted [HTML 4.01 Specification]
Delta-Base permanent [RFC 3229: Delta encoding in HTTP]
Deprecation permanent Item [RFC9745, Section 2: The Deprecation HTTP Response Header Field]
Depth permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Derived-From obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Destination permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Detached-JWS permanent [RFC 9635: Grant Negotiation and Authorization Protocol (GNAP)]
Differential-ID deprecated [The HTTP Distribution and Replication Protocol]
Dictionary-ID permanent [RFC-ietf-httpbis-compression-dictionary-19, Section 2.3: Compression Dictionary Transport]
Digest obsoleted [RFC 3230: Instance Digests in HTTP] Obsoleted by [RFC 9530, Section 1.3: Digest Fields]
DPoP permanent [RFC9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP)]
DPoP-Nonce permanent [RFC9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP)]
Early-Data permanent [RFC 8470: Using Early Data in HTTP]
EDIINT-Features provisional [RFC 6017: Electronic Data Interchange - Internet Integration (EDIINT) Features Header Field]
ETag permanent [RFC9110, Section 8.8.3: HTTP Semantics]
Expect permanent [RFC9110, Section 10.1.1: HTTP Semantics]
Expect-CT deprecated [RFC9163: Expect-CT Extension for HTTP] Obsoleted by [IESG] [HTTPBIS]
Expires permanent [RFC9111, Section 5.3: HTTP Caching]
Ext obsoleted [RFC 2774: An HTTP Extension Framework] [Status change of HTTP experiments to Historic]
Forwarded permanent [RFC 7239: Forwarded HTTP Extension]
From permanent [RFC9110, Section 10.1.2: HTTP Semantics]
GetProfile obsoleted [Implementation of OPS Over HTTP]
Hobareg permanent [RFC 7486, Section 6.1.1: HTTP Origin-Bound Authentication (HOBA)]
Host permanent [RFC9110, Section 7.2: HTTP Semantics]
HTTP2-Settings obsoleted [RFC 7540, Section 3.2.1: Hypertext Transfer Protocol Version 2 (HTTP/2)] Obsolete; see Section 11.1 of [RFC9113]
If permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
If-Match permanent [RFC9110, Section 13.1.1: HTTP Semantics]
If-Modified-Since permanent [RFC9110, Section 13.1.3: HTTP Semantics]
If-None-Match permanent [RFC9110, Section 13.1.2: HTTP Semantics]
If-Range permanent [RFC9110, Section 13.1.5: HTTP Semantics]
If-Schedule-Tag-Match permanent [ RFC 6338: Scheduling Extensions to CalDAV]
If-Unmodified-Since permanent [RFC9110, Section 13.1.4: HTTP Semantics]
IM permanent [RFC 3229: Delta encoding in HTTP]
Include-Referred-Token-Binding-ID permanent [RFC 8473: Token Binding over HTTP]
Isolation provisional [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
Keep-Alive permanent [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Label permanent [RFC 3253: Versioning Extensions to WebDAV: (Web Distributed Authoring and Versioning)]
Last-Event-ID permanent [HTML]
Last-Modified permanent [RFC9110, Section 8.8.2: HTTP Semantics]
Link permanent [RFC 8288: Web Linking]
Link-Template permanent [RFC 9652: The Link-Template HTTP Header Field]
Location permanent [RFC9110, Section 10.2.2: HTTP Semantics]
Lock-Token permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Man obsoleted [RFC 2774: An HTTP Extension Framework] [Status change of HTTP experiments to Historic]
Max-Forwards permanent [RFC9110, Section 7.6.2: HTTP Semantics]
Memento-Datetime permanent [RFC 7089: HTTP Framework for Time-Based Access to Resource States -- Memento]
Meter permanent [RFC 2227: Simple Hit-Metering and Usage-Limiting for HTTP]
Method-Check obsoleted [Access Control for Cross-site Requests]
Method-Check-Expires obsoleted [Access Control for Cross-site Requests]
MIME-Version permanent [RFC9112, Appendix B.1: HTTP/1.1]
Negotiate permanent [RFC 2295: Transparent Content Negotiation in HTTP]
NEL permanent [Network Error Logging]
OData-EntityId permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-Isolation permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-MaxVersion permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-Version permanent [OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
Opt obsoleted [RFC 2774: An HTTP Extension Framework] [Status change of HTTP experiments to Historic]
Optional-WWW-Authenticate permanent [RFC 8053, Section 3: HTTP Authentication Extensions for Interactive Clients]
Ordering-Type permanent [RFC 3648: Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol]
Origin permanent [RFC 6454: The Web Origin Concept]
Origin-Agent-Cluster permanent Item [HTML]
OSCORE permanent [RFC 8613, Section 11.1: Object Security for Constrained RESTful Environments (OSCORE)]
OSLC-Core-Version permanent [OASIS Project Specification 01][OASIS][Chet_Ensign]
Overwrite permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
P3P obsoleted [The Platform for Privacy Preferences 1.0 (P3P1.0) Specification]
PEP obsoleted [PEP - an Extension Mechanism for HTTP]
PEP-Info obsoleted [PEP - an Extension Mechanism for HTTP]
Permissions-Policy provisional [Permissions Policy]
PICS-Label obsoleted [PICS Label Distribution Label Syntax and Communication Protocols]
Ping-From permanent [HTML]
Ping-To permanent [HTML]
Position permanent [RFC 3648: Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol]
Pragma deprecated [RFC9111, Section 5.4: HTTP Caching]
Prefer permanent [RFC 7240: Prefer Header for HTTP]
Preference-Applied permanent [RFC 7240: Prefer Header for HTTP]
Priority permanent Dictionary [RFC9218: Extensible Prioritization Scheme for HTTP]
ProfileObject obsoleted [Implementation of OPS Over HTTP]
Protocol obsoleted [PICS Label Distribution Label Syntax and Communication Protocols]
Protocol-Info deprecated [White Paper: Joint Electronic Payment Initiative]
Protocol-Query deprecated [White Paper: Joint Electronic Payment Initiative]
Protocol-Request obsoleted [PICS Label Distribution Label Syntax and Communication Protocols]
Proxy-Authenticate permanent [RFC9110, Section 11.7.1: HTTP Semantics]
Proxy-Authentication-Info permanent [RFC9110, Section 11.7.3: HTTP Semantics]
Proxy-Authorization permanent [RFC9110, Section 11.7.2: HTTP Semantics]
Proxy-Features obsoleted [Notification for Proxy Caches]
Proxy-Instruction obsoleted [Notification for Proxy Caches]
Proxy-Status permanent List [RFC9209: The Proxy-Status HTTP Response Header Field]
Public obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Public-Key-Pins permanent [RFC 7469: Public Key Pinning Extension for HTTP]
Public-Key-Pins-Report-Only permanent [RFC 7469: Public Key Pinning Extension for HTTP]
Range permanent [RFC9110, Section 14.2: HTTP Semantics]
Redirect-Ref permanent [RFC 4437: Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources]
Referer permanent [RFC9110, Section 10.1.3: HTTP Semantics]
Referer-Root obsoleted [Access Control for Cross-site Requests]
Referrer-Policy permanent [Referrer Policy] The header name does not share the HTTP Referer header's misspelling.
Refresh permanent [HTML]
Repeatability-Client-ID provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-First-Sent provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-Request-ID provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-Result provisional [Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Replay-Nonce permanent [RFC 8555, Section 6.5.1: Automatic Certificate Management Environment (ACME)]
Reporting-Endpoints provisional [Reporting API]
Repr-Digest permanent [RFC 9530, Section 3: Digest Fields]
Retry-After permanent [RFC9110, Section 10.2.3: HTTP Semantics]
Safe obsoleted [RFC 2310: The Safe Response Header Field] [Status change of HTTP experiments to Historic]
Schedule-Reply permanent [RFC 6638: Scheduling Extensions to CalDAV]
Schedule-Tag permanent [RFC 6338: Scheduling Extensions to CalDAV]
Sec-Fetch-Dest Permanent Item [https://www.w3.org/TR/fetch-metadata/#sec-fetch-dest-header]
Sec-Fetch-Mode Permanent Item [https://www.w3.org/TR/fetch-metadata/#sec-fetch-mode-header]
Sec-Fetch-Site Permanent Item [https://www.w3.org/TR/fetch-metadata/#sec-fetch-site-header]
Sec-Fetch-Storage-Access provisional Token [https://privacycg.github.io/storage-access-headers]
Sec-Fetch-User Permanent Item [https://www.w3.org/TR/fetch-metadata/#sec-fetch-user-header]
Sec-GPC provisional [Global Privacy Control (GPC)]
Sec-Purpose permanent [Fetch] Intended to replace the (not registered) Purpose and x-moz headers.
Sec-Token-Binding permanent [RFC 8473: Token Binding over HTTP]
Sec-WebSocket-Accept permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Extensions permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Key permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Protocol permanent [RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Version permanent [RFC 6455: The WebSocket Protocol]
Security-Scheme obsoleted [RFC 2660: The Secure HyperText Transfer Protocol] [Status change of HTTP experiments to Historic]
Server permanent [RFC9110, Section 10.2.4: HTTP Semantics]
Server-Timing permanent [Server Timing]
Set-Cookie permanent [RFC 6265: HTTP State Management Mechanism]
Set-Cookie2 obsoleted [RFC 2965: HTTP State Management Mechanism] Obsoleted by [RFC 6265: HTTP State Management Mechanism]
SetProfile obsoleted [Implementation of OPS Over HTTP]
Signature permanent [RFC 9421, Section 4.2: HTTP Message Signatures]
Signature-Input permanent [RFC 9421, Section 4.1: HTTP Message Signatures]
SLUG permanent [RFC 5023: The Atom Publishing Protocol]
SoapAction permanent [Simple Object Access Protocol (SOAP) 1.1]
Status-URI permanent [RFC 2518: HTTP Extensions for Distributed Authoring -- WEBDAV]
Strict-Transport-Security permanent [RFC 6797: HTTP Strict Transport Security (HSTS)]
Sunset permanent [RFC 8594: The Sunset HTTP Header Field]
Surrogate-Capability provisional [Edge Architecture Specification]
Surrogate-Control provisional [Edge Architecture Specification]
TCN permanent [RFC 2295: Transparent Content Negotiation in HTTP]
TE permanent [RFC9110, Section 10.1.4: HTTP Semantics]
Timeout permanent [RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Timing-Allow-Origin provisional [Resource Timing Level 1]
Topic permanent [RFC 8030, Section 5.4: Generic Event Delivery Using HTTP Push]
Traceparent permanent [Trace Context]
Tracestate permanent [Trace Context]
Trailer permanent [RFC9110, Section 6.6.2: HTTP Semantics]
Transfer-Encoding permanent [RFC9112, Section 6.1: HTTP Semantics]
TTL permanent [RFC 8030, Section 5.2: Generic Event Delivery Using HTTP Push]
Upgrade permanent [RFC9110, Section 7.8: HTTP Semantics]
Urgency permanent [RFC 8030, Section 5.3: Generic Event Delivery Using HTTP Push]
URI obsoleted [RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Use-As-Dictionary permanent [RFC-ietf-httpbis-compression-dictionary-19, Section 2.1: Compression Dictionary Transport]
User-Agent permanent [RFC9110, Section 10.1.5: HTTP Semantics]
Variant-Vary permanent [RFC 2295: Transparent Content Negotiation in HTTP]
Vary permanent [RFC9110, Section 12.5.5: HTTP Semantics]
Via permanent [RFC9110, Section 7.6.3: HTTP Semantics]
Want-Content-Digest permanent [RFC 9530, Section 4: Digest Fields]
Want-Digest obsoleted [RFC 3230: Instance Digests in HTTP] Obsoleted by [RFC 9530, Section 1.3: Digest Fields]
Want-Repr-Digest permanent [RFC 9530, Section 4: Digest Fields]
Warning obsoleted [RFC9111, Section 5.5: HTTP Caching]
WWW-Authenticate permanent [RFC9110, Section 11.6.1: HTTP Semantics]
X-Content-Type-Options permanent [Fetch]
X-Frame-Options permanent [HTML]
* permanent [RFC9110, Section 12.5.5: HTTP Semantics] (reserved)

Contact Information

ID Name Organization Contact URI Last Updated
[Chet_Ensign] Chet Ensign mailto:chet.ensign&oasis-open.org 2020-09-01
[Chris_Lemmons] Chris Lemmons mailto:Chris_Lemmons&comcast.com 2024-08-06
[CTA] Consumer Technology Association mailto:standards&cta.tech 2024-08-07
[OASIS] OASIS https://www.oasis-open.org