Common response headers
Some response headers are common to all S3 compatible API requests, while some are specific to certain requests. The table below describes some of the common response headers.
Content-Length
The size, in bytes, of the response body if HCP can determine the size before formulating the response.
If the response does not include a response body, the value of the Content-Length header is 0 (zero).
Content-Type
The Internet media type of the response body if HCP can determine the Internet media type. If HCP cannot determine the Internet media type, the value of this header is application/octet-stream.
Because HCP returns error information in a response body, the response to any request can include a Content-Type header.
Date
The date and time when HCP responded to the request, in Greenwich Mean Time (GMT). The date and time are returned in this format:
DDD dd MMM yyyy HH:mm:ss GMT
For example:
Fri, 18 Sep 2020 14:27:05 GMT
Transfer-Encoding
Always chunked. This header is returned if the response includes a response body but HCP cannot determine the size of the response body before formulating the response.
Because HCP returns error information in a response body, the response to any request can include a Transfer-Encoding header.
Some common response headers address browser security concerns. These headers have fixed values. The table below describes these headers.
Cache-Control
Specifies directives that must be obeyed by all caching mechanisms along the request/response chain
Values: no-cache, no-store, must-revalidate
Content-Security-Policy
Restricts the content that the browser can load to the sources specified by the header value
Values: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-ancestors 'self';
Expires
Causes the response to become stale immediately after it is sent
Value: Thu, 01 Jan 1970 00:00:00 GMT
Pragma
Prevents the response from being used for subsequent requests for the same resource without the browser first checking whether the resource has changed
Value: no-cache
X-Content-Type-Options
Prevents the browser from examining the returned content to determine the content MIME type
Value: nosniff
X-DNS-Prefetch-Control
Prevents the browser from performing domain name resolution on URLs embedded in returned content before the URLs are requested
Value: off
X-Download-Options
Prevents the browser from opening resources that are downloaded through links in the returned content
Value: noopen
X-Frame-Options
Prevents the browser from rendering the returned content in a frame on a page containing content not returned by the HCP system
X-XSS-Protection
Stops the browser from loading the returned content if the browser detects reflected cross-site scripting (XSS) in the response
Values: 1; mode=block
For information about request-specific response headers, see the "Response header" topic for each type of operation you can perform with the S3 compatible API.
- HCP can also return several standard HTTP response headers that are not described in this book. Among others, these include Connection, Content-Disposition, Content-Encoding, and Content-Language. For more information about HTTP response headers, see the HTTP/1.1 standards (RFCs 7230 through 7237).
- The Cache-Control and Expires headers are not returned with error responses.
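The fixed values in the browser-security table can be checked mechanically. The following is an added example, not HCP code: it audits a captured response against those values, skips Cache-Control and Expires on error responses as noted above, and checks X-Frame-Options for presence only because the page lists no value for it. The function names, the treatment of status 400 and above as an error response, and the sample response are assumptions made for the example.

```python
# Added example: audit response headers against the fixed values documented above.
FIXED = {
    "cache-control": "no-cache, no-store, must-revalidate",
    "content-security-policy": (
        "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
        "connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; "
        "object-src 'self'; frame-ancestors 'self';"),
    "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
    "pragma": "no-cache",
    "x-content-type-options": "nosniff",
    "x-dns-prefetch-control": "off",
    "x-download-options": "noopen",
    "x-xss-protection": "1; mode=block",
}
PRESENCE_ONLY = ("x-frame-options",)          # the page lists no value for it
NOT_ON_ERRORS = ("cache-control", "expires")  # omitted from error responses

def _norm(value):
    """Collapse whitespace and ignore a trailing ';' before comparing."""
    return " ".join(value.split()).rstrip(";")

def audit(status, headers):
    """Return sorted (header, problem) findings for one response."""
    got = {name.lower(): value for name, value in headers.items()}
    is_error = status >= 400  # assumption: "error response" means 4xx/5xx
    findings = []
    for name, want in FIXED.items():
        if is_error and name in NOT_ON_ERRORS:
            continue
        if name not in got:
            findings.append((name, "missing"))
        elif _norm(got[name]) != _norm(want):
            findings.append((name, "unexpected value"))
    findings += [(n, "missing") for n in PRESENCE_ONLY if n not in got]
    # Body framing: Transfer-Encoding is always "chunked" and, per RFC 7230,
    # must not be sent together with Content-Length.
    te = got.get("transfer-encoding")
    if te is not None and te.strip().lower() != "chunked":
        findings.append(("transfer-encoding", "unexpected value"))
    if te is not None and "content-length" in got:
        findings.append(("content-length", "sent with transfer-encoding"))
    return sorted(findings)

# Constructed sample: a 200 response carrying every documented fixed value.
SAMPLE_OK = {name.title(): value for name, value in FIXED.items()}
SAMPLE_OK.update({"X-Frame-Options": "<value-not-listed-on-page>",
                  "Content-Length": "0"})

if __name__ == "__main__":
    print(audit(200, SAMPLE_OK))
```

A finding for a header whose value differs usually means a proxy or load balancer between the client and HCP rewrote or stripped it.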