developer.mozilla.org
Open in
urlscan Pro
2600:1901:0:ab4c::
Public Scan
URL:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server
Submission: On August 12 via api from SA — Scanned from DE
Submission: On August 12 via api from SA — Scanned from DE
Form analysis 1 forms found in the DOM
/en-US/search
<form action="/en-US/search" class="search-form search-widget" id="top-nav-search-form" role="search"><label id="top-nav-search-label" for="top-nav-search-input" class="visually-hidden">Search MDN</label><input aria-activedescendant=""
aria-autocomplete="list" aria-controls="top-nav-search-menu" aria-expanded="false" aria-labelledby="top-nav-search-label" autocomplete="off" id="top-nav-search-input" role="combobox" type="search" class="search-input-field" name="q"
placeholder=" " required="" value=""><button type="button" class="button action has-icon clear-search-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear search
input</span></span></button><button type="submit" class="button action has-icon search-button"><span class="button-wrap"><span class="icon icon-search "></span><span class="visually-hidden">Search</span></span></button>
<div id="top-nav-search-menu" role="listbox" aria-labelledby="top-nav-search-label"></div>
</form>Text Content
* Skip to main content
* Skip to search
* Skip to select language
See what your team could do with The DevSecOps Platform. Take GitLab for a
spin.30 day free trialMozilla ads
Don't want to see ads?
MDN Web DocsOpen main menu
* ReferencesReferences
* Overview / Web Technology
Web technology reference for developers
* HTML
Structure of content on the web
* CSS
Code used to describe document style
* JavaScript
General-purpose scripting language
* HTTP
Protocol for transmitting web resources
* Web APIs
Interfaces for building web applications
* Web Extensions
Developing extensions for web browsers
* Web Technology
Web technology reference for developers
* GuidesGuides
* Overview / MDN Learning Area
Learn web development
* MDN Learning Area
Learn web development
* HTML
Learn to structure web content with HTML
* CSS
Learn to style content using CSS
* JavaScript
Learn to run scripts in the browser
* Accessibility
Learn to make the web accessible to all
* PlusPlus
* Overview
A customized MDN experience
* AI Help
Get real-time assistance and support
* Updates
All browser compatibility updates at a glance
* Documentation
Learn how to use MDN Plus
* FAQ
Frequently asked questions about MDN Plus
* Curriculum
* Blog
* Tools New
* Playground
Write, test and share your code
*
New
HTTP Observatory
Scan a website for free
* AI Help
Get real-time assistance and support
Search MDNClear search inputSearch
Theme
* Log in
* Sign up for free
1. References
2. HTTP
3. HTTP headers
4. Server
Article Actions
* English (US)
* Español
* Français
* 日本語
* 한국어
* Português (do Brasil)
* 中文 (简体)
* 正體中文 (繁體)
Filter sidebarClear filter input
IN THIS ARTICLE
* Syntax
* Directives
* Examples
* Specifications
* Browser compatibility
* See also
1. HTTP
2. Guides
3. Resources and URIs
1. Identifying resources on the Web
2. Data URLs
3. Introduction to MIME types
4. Common MIME types
5. Choosing between www and non-www URLs
4. HTTP guide
1. Basics of HTTP
2. Overview of HTTP
3. Evolution of HTTP
4. HTTP Messages
5. A typical HTTP session
6. Connection management in HTTP/1.x
7. Protocol upgrade mechanism
5. HTTP security
1. Content Security Policy (CSP)
2. HTTP Strict Transport Security (HSTS)
3. X-Content-Type-Options
4. X-Frame-Options
5. X-XSS-Protection
6. Practical security implementation guides
7. HTTP Observatory
6. HTTP access control (CORS)
7. HTTP authentication
8. HTTP caching
9. HTTP compression
10. HTTP conditional requests
11. HTTP content negotiation
12. HTTP cookies
13. HTTP range requests
14. HTTP redirects
15. HTTP specifications
16. Permissions Policy
17. References
18. HTTP headers
1. Accept
2. Accept-CH
3. Accept-Charset
4. Accept-Encoding
5. Accept-Language
6. Accept-Patch
7. Accept-Post
8. Accept-Ranges
9. Access-Control-Allow-Credentials
10. Access-Control-Allow-Headers
11. Access-Control-Allow-Methods
12. Access-Control-Allow-Origin
13. Access-Control-Expose-Headers
14. Access-Control-Max-Age
15. Access-Control-Request-Headers
16. Access-Control-Request-Method
17. Age
18. Allow
19. Alt-Svc
20. Alt-Used
21. Attribution-Reporting-Eligible Experimental
22. Attribution-Reporting-Register-Source Experimental
23. Attribution-Reporting-Register-Trigger Experimental
24. Authorization
25. Cache-Control
26. Clear-Site-Data
27. Connection
28. Content-Digest Experimental
29. Content-Disposition
30. Content-DPR Non-standard Deprecated
31. Content-Encoding
32. Content-Language
33. Content-Length
34. Content-Location
35. Content-Range
36. Content-Security-Policy
37. Content-Security-Policy-Report-Only
38. Content-Type
39. Cookie
40. Critical-CH Experimental
41. Cross-Origin-Embedder-Policy
42. Cross-Origin-Opener-Policy
43. Cross-Origin-Resource-Policy
44. Date
45. Device-Memory
46. Digest Non-standard Deprecated
47. DNT Non-standard Deprecated
48. Downlink Experimental
49. DPR Non-standard Deprecated
50. Early-Data Experimental
51. ECT Experimental
52. ETag
53. Expect
54. Expect-CT
55. Expires
56. Forwarded
57. From
58. Host
59. If-Match
60. If-Modified-Since
61. If-None-Match
62. If-Range
63. If-Unmodified-Since
64. Keep-Alive
65. Last-Modified
66. Link
67. Location
68. Max-Forwards
69. NEL Experimental
70. No-Vary-Search Experimental
71. Observe-Browsing-Topics Experimental Non-standard
72. Origin
73. Origin-Agent-Cluster Experimental
74. Permissions-Policy
75. Pragma Deprecated
76. Priority
77. Proxy-Authenticate
78. Proxy-Authorization
79. Range
80. Referer
81. Referrer-Policy
82. Reporting-Endpoints
83. Repr-Digest Experimental
84. Retry-After
85. RTT Experimental
86. Save-Data Experimental
87. Sec-Browsing-Topics Experimental Non-standard
88. Sec-CH-Prefers-Color-Scheme Experimental
89. Sec-CH-Prefers-Reduced-Motion Experimental
90. Sec-CH-Prefers-Reduced-Transparency Experimental
91. Sec-CH-UA Experimental
92. Sec-CH-UA-Arch Experimental
93. Sec-CH-UA-Bitness Experimental
94. Sec-CH-UA-Full-Version Deprecated
95. Sec-CH-UA-Full-Version-List Experimental
96. Sec-CH-UA-Mobile Experimental
97. Sec-CH-UA-Model Experimental
98. Sec-CH-UA-Platform Experimental
99. Sec-CH-UA-Platform-Version Experimental
100. Sec-Fetch-Dest
101. Sec-Fetch-Mode
102. Sec-Fetch-Site
103. Sec-Fetch-User
104. Sec-GPC Experimental Non-standard
105. Sec-Purpose
106. Sec-WebSocket-Accept
107. Server
108. Server-Timing
109. Service-Worker-Navigation-Preload
110. Set-Cookie
111. Set-Login Experimental
112. SourceMap
113. Speculation-Rules Experimental
114. Strict-Transport-Security
115. Supports-Loading-Mode Experimental
116. TE
117. Timing-Allow-Origin
118. Tk Non-standard Deprecated
119. Trailer
120. Transfer-Encoding
121. Upgrade
122. Upgrade-Insecure-Requests
123. User-Agent
124. Vary
125. Via
126. Viewport-Width Non-standard Deprecated
127. Want-Content-Digest Experimental
128. Want-Digest Non-standard Deprecated
129. Want-Repr-Digest Experimental
130. Warning Deprecated
131. Width Non-standard Deprecated
132. WWW-Authenticate
133. X-Content-Type-Options
134. X-DNS-Prefetch-Control Non-standard
135. X-Forwarded-For Non-standard
136. X-Forwarded-Host Non-standard
137. X-Forwarded-Proto Non-standard
138. X-Frame-Options
139. X-XSS-Protection Non-standard
19. HTTP request methods
1. CONNECT
2. DELETE
3. GET
4. HEAD
5. OPTIONS
6. PATCH
7. POST
8. PUT
9. TRACE
20. HTTP response status codes
1. 100 Continue
2. 101 Switching Protocols
3. 102 Processing
4. 103 Early Hints
5. 200 OK
6. 201 Created
7. 202 Accepted
8. 203 Non-Authoritative Information
9. 204 No Content
10. 205 Reset Content
11. 206 Partial Content
12. 207 Multi-Status
13. 208 Already Reported
14. 226 IM Used
15. 300 Multiple Choices
16. 301 Moved Permanently
17. 302 Found
18. 303 See Other
19. 304 Not Modified
20. 307 Temporary Redirect
21. 308 Permanent Redirect
22. 400 Bad Request
23. 401 Unauthorized
24. 402 Payment Required
25. 403 Forbidden
26. 404 Not Found
27. 405 Method Not Allowed
28. 406 Not Acceptable
29. 407 Proxy Authentication Required
30. 408 Request Timeout
31. 409 Conflict
32. 410 Gone
33. 411 Length Required
34. 412 Precondition Failed
35. 413 Content Too Large
36. 414 URI Too Long
37. 415 Unsupported Media Type
38. 416 Range Not Satisfiable
39. 417 Expectation Failed
40. 418 I'm a teapot
41. 421 Misdirected Request
42. 422 Unprocessable Content
43. 423 Locked
44. 424 Failed Dependency
45. 425 Too Early
46. 426 Upgrade Required
47. 428 Precondition Required
48. 429 Too Many Requests
49. 431 Request Header Fields Too Large
50. 451 Unavailable For Legal Reasons
51. 500 Internal Server Error
52. 501 Not Implemented
53. 502 Bad Gateway
54. 503 Service Unavailable
55. 504 Gateway Timeout
56. 505 HTTP Version Not Supported
57. 506 Variant Also Negotiates
58. 507 Insufficient Storage
59. 508 Loop Detected
60. 510 Not Extended
61. 511 Network Authentication Required
21. CSP directives
1. CSP source values
2. CSP: base-uri
3. CSP: block-all-mixed-content Deprecated
4. CSP: child-src
5. CSP: connect-src
6. CSP: default-src
7. CSP: fenced-frame-src Experimental
8. CSP: font-src
9. CSP: form-action
10. CSP: frame-ancestors
11. CSP: frame-src
12. CSP: img-src
13. CSP: manifest-src
14. CSP: media-src
15. CSP: object-src
16. CSP: prefetch-src Non-standard Deprecated
17. CSP: report-to
18. CSP: report-uri Deprecated
19. CSP: require-trusted-types-for Experimental
20. CSP: sandbox
21. CSP: script-src
22. CSP: script-src-attr
23. CSP: script-src-elem
24. CSP: style-src
25. CSP: style-src-attr
26. CSP: style-src-elem
27. CSP: trusted-types Experimental
28. CSP: upgrade-insecure-requests
29. CSP: worker-src
22. CORS errors
1. Reason: CORS disabled
2. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
3. Reason: CORS header 'Access-Control-Allow-Origin' missing
4. Reason: CORS header 'Origin' cannot be added
5. Reason: CORS preflight channel did not succeed
6. Reason: CORS request did not succeed
7. Reason: CORS request external redirect not allowed
8. Reason: CORS request not HTTP
9. Reason: Credential is not supported if the CORS header
'Access-Control-Allow-Origin' is '*'
10. Reason: Did not find method in CORS header
'Access-Control-Allow-Methods'
11. Reason: expected 'true' in CORS header
'Access-Control-Allow-Credentials'
12. Reason: invalid token 'xyz' in CORS header
'Access-Control-Allow-Headers'
13. Reason: invalid token 'xyz' in CORS header
'Access-Control-Allow-Methods'
14. Reason: missing token 'xyz' in CORS header
'Access-Control-Allow-Headers' from CORS preflight channel
15. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
23. Permissions-Policy directives
1. Permissions-Policy: accelerometer Experimental
2. Permissions-Policy: ambient-light-sensor Experimental
3. Permissions-Policy: attribution-reporting Experimental
4. Permissions-Policy: autoplay Experimental
5. Permissions-Policy: bluetooth Experimental
6. Permissions-Policy: browsing-topics Experimental Non-standard
7. Permissions-Policy: camera
8. Permissions-Policy: compute-pressure Experimental
9. Permissions-Policy: display-capture
10. Permissions-Policy: document-domain Experimental
11. Permissions-Policy: encrypted-media Experimental
12. Permissions-Policy: fullscreen
13. Permissions-Policy: gamepad Experimental
14. Permissions-Policy: geolocation
15. Permissions-Policy: gyroscope Experimental
16. Permissions-Policy: hid Experimental
17. Permissions-Policy: identity-credentials-get Experimental
18. Permissions-Policy: idle-detection Experimental
19. Permissions-Policy: local-fonts Experimental
20. Permissions-Policy: magnetometer Experimental
21. Permissions-Policy: microphone
22. Permissions-Policy: midi Experimental
23. Permissions-Policy: otp-credentials Experimental
24. Permissions-Policy: payment Experimental
25. Permissions-Policy: picture-in-picture Experimental
26. Permissions-Policy: publickey-credentials-create Experimental
27. Permissions-Policy: publickey-credentials-get
28. Permissions-Policy: screen-wake-lock
29. Permissions-Policy: serial Experimental
30. Permissions-Policy: speaker-selection Experimental
31. Permissions-Policy: storage-access Experimental
32. Permissions-Policy: usb Experimental
33. Permissions-Policy: web-share
34. Permissions-Policy: window-management Experimental
35. Permissions-Policy: xr-spatial-tracking Experimental
Privacy by MozillaSecure your data and browse without restrictions with
Mozilla's open source VPN.Get Mozilla VPN
Ad
Don't want to see ads?
IN THIS ARTICLE
* Syntax
* Directives
* Examples
* Specifications
* Browser compatibility
* See also
Privacy by MozillaSecure your data and browse without restrictions with
Mozilla's open source VPN.Get Mozilla VPN
Ad
Don't want to see ads?
SERVER
The Server header describes the software used by the origin server that handled
the request — that is, the server that generated the response.
Warning: Avoid overly-detailed Server values, as they can reveal information
that may make it (slightly) easier for attackers to exploit known security
holes.
Header type Response header Forbidden header name no
SYNTAX
httpCopy to Clipboard
Server: <product>
DIRECTIVES
<product>
A name of the software or the product that handled the request. Usually in a
format similar to User-Agent.
How much detail to include is an interesting balance to strike; exposing the OS
version is probably a bad idea, as mentioned in the earlier warning about
overly-detailed values. However, exposed Apache versions helped browsers to work
around a bug of the versions with Content-Encoding and Range in combination.
EXAMPLES
httpCopy to Clipboard
Server: Apache/2.4.1 (Unix)
SPECIFICATIONS
SpecificationHTTP Semantics
# field.server
BROWSER COMPATIBILITY
Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
Server
Full support
Chrome1
Toggle history
Full support
Edge12
Toggle history
Full support
Firefox1
Toggle history
Full support
Opera15
Toggle history
Full support
Safari1
Toggle history
Full support
Chrome Android18
Toggle history
Full support
Firefox for Android4
Toggle history
Full support
Opera Android14
Toggle history
Full support
Safari on iOS1
Toggle history
Full support
Samsung Internet1.0
Toggle history
Full support
WebView Android4.4
Toggle history
LEGEND
Tip: you can click/tap on a cell for more information.
Full supportFull support
The compatibility table on this page is generated from structured data. If you'd
like to contribute to the data, please check out
https://github.com/mdn/browser-compat-data and send us a pull request.
SEE ALSO
* Allow
HELP IMPROVE MDN
Was this page helpful to you?
YesNo
Learn how to contribute.
This page was last modified on Jul 25, 2024 by MDN contributors.
View this page on GitHub • Report a problem with this content
Mozilla adsDon't want to see ads?
MDN logo
Your blueprint for a better internet.
* MDN on Mastodon
* MDN on X (formerly Twitter)
* MDN on GitHub
* MDN Blog RSS Feed
MDN
* About
* Blog
* Careers
* Advertise with us
SUPPORT
* Product help
* Report an issue
OUR COMMUNITIES
* MDN Community
* MDN Forum
* MDN Chat
DEVELOPERS
* Web Technologies
* Learn Web Development
* MDN Plus
* Hacks Blog
Mozilla logo
* Website Privacy Notice
* Cookies
* Legal
* Community Participation Guidelines
Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2024 by individual mozilla.org contributors.
Content available under a Creative Commons license.