Common HTTP response headers
HTTP requests return some common response headers that address browser security concerns. The following table describes some of these common headers.

Header | Value | Description
--- | --- | ---
Cache-Control | | Specifies directives that must be obeyed by all caching mechanisms along the request/response chain
Content-Security-Policy | | Restricts the content that the browser can load to the sources specified by the header value
Expires | Thu, 01 Jan 1970 00:00:00 GMT | Causes the response to become stale immediately after it is sent
Pragma | no-cache | Prevents the response from being used for subsequent requests for the same resource without the browser first checking whether the resource has changed
X-Content-Type-Options | nosniff | Prevents the browser from examining the returned content to determine the content MIME type
X-DNS-Prefetch-Control | off | Prevents the browser from performing domain name resolution on URLs embedded in returned content before the URLs are requested
X-Download-Options | noopen | Prevents the browser from opening resources that are downloaded through links in the returned content
X-Frame-Options | SAMEORIGIN | Prevents the browser from rendering the returned content in a frame on a page containing content not returned by the HCP system
X-XSS-Protection | 1; mode=block | Stops the browser from loading the returned content if the browser detects reflected cross-site scripting (XSS) in the response
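A practitioner verifying that a deployment actually returns the headers in the table above typically captures a raw response and checks it mechanically. The script below is an added example, not HCP's own code: it parses the header section of an HTTP/1.1 response, normalises header names and values (so that `1 ; mode=block` and `1; mode=block` compare equal), checks the fixed-value headers from the table, checks that `Cache-Control` and `Content-Security-Policy` are present at all (their values are deployment-specific, and the table leaves them unspecified), and confirms that `Expires` lies in the past. The two sample responses are constructed for illustration and are not real HCP output.

```python
"""Audit an HTTP response's security headers against the table above.

Added example (not HCP code). Sample responses are constructed.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Headers whose value is fixed by the table (compared case-insensitively,
# with whitespace around ';' normalised away).
EXACT = {
    "x-content-type-options": "nosniff",
    "x-dns-prefetch-control": "off",
    "x-download-options": "noopen",
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1; mode=block",
    "pragma": "no-cache",
}
# Headers whose value is deployment-specific; only presence is checked.
PRESENCE = ("cache-control", "content-security-policy")


def parse_response(raw: str) -> dict:
    """Return the headers of a raw HTTP/1.1 response as {lower-name: value}.

    Repeated header fields are joined with ', ' (RFC 7230 section 3.2.2).
    Both CRLF and bare LF line endings are accepted.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers: dict = {}
    for line in lines[1:]:  # lines[0] is the status line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def normalise(value: str) -> str:
    """Canonicalise a header value: 'A ; b=C' -> 'a; b=c'."""
    return "; ".join(part.strip() for part in value.split(";")).lower()


def audit(raw: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    headers = parse_response(raw)
    findings = []
    for name, expected in EXACT.items():
        actual = headers.get(name)
        if actual is None:
            findings.append(f"missing: {name}")
        elif normalise(actual) != expected:
            findings.append(f"unexpected value: {name}={actual!r} (expected {expected!r})")
    for name in PRESENCE:
        if name not in headers:
            findings.append(f"missing: {name}")
    expires = headers.get("expires")
    if expires is None:
        findings.append("missing: expires")
    else:
        try:
            when = parsedate_to_datetime(expires)
        except (TypeError, ValueError):
            findings.append(f"unparseable: expires={expires!r}")
        else:
            # The table requires the response to be stale on arrival.
            if when > datetime.now(timezone.utc):
                findings.append(f"expires is in the future: {expires!r}")
    return findings


# Constructed sample: a response carrying every header from the table.
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: no-cache, no-store\r\n"        # constructed value
    "Content-Security-Policy: default-src 'self'\r\n"  # constructed value
    "Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n"
    "Pragma: no-cache\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-DNS-Prefetch-Control: off\r\n"
    "X-Download-Options: noopen\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1 ; mode=block\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed sample: several headers missing, one wrong, Expires in the future.
BAD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Cache-Control: no-cache\r\n"
    "Expires: Thu, 01 Jan 2038 00:00:00 GMT\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, resp in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(label, audit(resp) or "all checks passed")
```

Run against a response captured with a tool such as `curl -i`, the script lists every deviation from the table; an empty list for the first sample and seven findings for the second show the checks exercising both the exact-value and the presence-only paths.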
HCP can also return several standard HTTP response headers that are not described in the help, including Connection, Content-Disposition, Content-Encoding, and Content-Language. For more information about HTTP response headers, see the HTTP/1.1 standards, RFCs 7230 through 7237.