Hypertext Transfer Protocol (HTTP) Field Name Registry

Created: 2021-10-01
Last Updated: 2024-10-07
Available Formats: XML
HTML
Plain text

Registry included below

Hypertext Transfer Protocol (HTTP) Field Name Registry

Hypertext Transfer Protocol (HTTP) Field Name Registry

Registration Procedure(s)

Specification Required for Permanent registrations,
Expert Review for Provisional registrations.

Expert(s)

Mark Nottingham, Roy Fielding

Reference

[RFC9110][RFC9651]

Note

See Section 16.3 of [RFC9110] for more
information on defining and registering new HTTP Fields.

Note

New field names, along with changes to existing ones, can be 
requested using the [registry interface] or the mailing list
defined in [RFC9110].

Note

The "Structured Type" column indicates the type of the field (per 
[RFC9651]),  if any, and may be "Dictionary", "List", or "Item".

Note that field names beginning with characters other than ALPHA
or "*" will not be able to be represented as a Structured Fields
Token and therefore may be incompatible with being mapped into
field values that refer to it.

Available Formats

CSV

Field Name	Status	Structured Type	Reference	Comments
A-IM	permanent		[RFC 3229: Delta encoding in HTTP]
Accept	permanent		[RFC9110, Section 12.5.1: HTTP Semantics]
Accept-Additions	permanent		[RFC 2324: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)]
Accept-CH	permanent	List	[RFC 8942, Section 3.1: HTTP Client Hints]
Accept-Charset	deprecated		[RFC9110, Section 12.5.2: HTTP Semantics]
Accept-Datetime	permanent		[RFC 7089: HTTP Framework for Time-Based Access to Resource States -- Memento]
Accept-Encoding	permanent		[RFC9110, Section 12.5.3: HTTP Semantics]
Accept-Features	permanent		[RFC 2295: Transparent Content Negotiation in HTTP]
Accept-Language	permanent		[RFC9110, Section 12.5.4: HTTP Semantics]
Accept-Patch	permanent		[RFC 5789: PATCH Method for HTTP]
Accept-Post	permanent		[Linked Data Platform 1.0]
Accept-Ranges	permanent		[RFC9110, Section 14.3: HTTP Semantics]
Accept-Signature	permanent		[RFC 9421, Section 5.1: HTTP Message Signatures]
Access-Control	obsoleted		[Access Control for Cross-site Requests]
Access-Control-Allow-Credentials	permanent		[Fetch]
Access-Control-Allow-Headers	permanent		[Fetch]
Access-Control-Allow-Methods	permanent		[Fetch]
Access-Control-Allow-Origin	permanent		[Fetch]
Access-Control-Expose-Headers	permanent		[Fetch]
Access-Control-Max-Age	permanent		[Fetch]
Access-Control-Request-Headers	permanent		[Fetch]
Access-Control-Request-Method	permanent		[Fetch]
Age	permanent		[RFC9111, Section 5.1: HTTP Caching]
Allow	permanent		[RFC9110, Section 10.2.1: HTTP Semantics]
ALPN	permanent		[RFC 7639, Section 2: The ALPN HTTP Header Field]
Alt-Svc	permanent		[RFC 7838: HTTP Alternative Services]
Alt-Used	permanent		[RFC 7838: HTTP Alternative Services]
Alternates	permanent		[RFC 2295: Transparent Content Negotiation in HTTP]
AMP-Cache-Transform	provisional		[AMP-Cache-Transform HTTP request header]
Apply-To-Redirect-Ref	permanent		[RFC 4437: Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources]
Authentication-Control	permanent		[RFC 8053, Section 4: HTTP Authentication Extensions for Interactive Clients]
Authentication-Info	permanent		[RFC9110, Section 11.6.3: HTTP Semantics]
Authorization	permanent		[RFC9110, Section 11.6.2: HTTP Semantics]
Available-Dictionary	permanent		[RFC-ietf-httpbis-compression-dictionary-19, Section 2.2: Compression Dictionary Transport]
C-Ext	obsoleted		[RFC 2774: An HTTP Extension Framework]	[Status change of HTTP experiments to Historic]
C-Man	obsoleted		[RFC 2774: An HTTP Extension Framework]	[Status change of HTTP experiments to Historic]
C-Opt	obsoleted		[RFC 2774: An HTTP Extension Framework]	[Status change of HTTP experiments to Historic]
C-PEP	obsoleted		[PEP - an Extension Mechanism for HTTP]	[Status change of HTTP experiments to Historic]
C-PEP-Info	deprecated		[PEP - an Extension Mechanism for HTTP]	[Status change of HTTP experiments to Historic]
Cache-Control	permanent		[RFC9111, Section 5.2]
Cache-Status	permanent	List	[RFC9211: The Cache-Status HTTP Response Header Field]
Cal-Managed-ID	permanent		[RFC 8607, Section 5.1: Calendaring Extensions to WebDAV (CalDAV): Managed Attachments]
CalDAV-Timezones	permanent		[RFC 7809, Section 7.1: Calendaring Extensions to WebDAV (CalDAV): Time Zones by Reference]
Capsule-Protocol	permanent		[RFC9297]
CDN-Cache-Control	permanent	Dictionary	[RFC9213: Targeted HTTP Cache Control]	Cache directives targeted at content delivery networks
CDN-Loop	permanent		[RFC 8586: Loop Detection in Content Delivery Networks (CDNs)]
Cert-Not-After	permanent		[RFC 8739, Section 3.3: Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME)]
Cert-Not-Before	permanent		[RFC 8739, Section 3.3: Support for Short-Term, Automatically Renewed (STAR) Certificates in the Automated Certificate Management Environment (ACME)]
Clear-Site-Data	permanent		[Clear Site Data]
Client-Cert	permanent	Item	[RFC9440, Section 2: Client-Cert HTTP Header Field]
Client-Cert-Chain	permanent	List	[RFC9440, Section 2: Client-Cert HTTP Header Field]
Close	permanent		[RFC9112, Section 9.6: HTTP/1.1]	(reserved)
CMCD-Object	provisional		[CTA][CTA-5004 Common Media Client Data]
CMCD-Request	provisional		[CTA][CTA-5004 Common Media Client Data]
CMCD-Session	provisional		[CTA][CTA-5004 Common Media Client Data]
CMCD-Status	provisional		[CTA][CTA-5004 Common Media Client Data]
CMSD-Dynamic	provisional		[CTA][CTA-5006 Common Media Server Data (CMSD)]
CMSD-Static	provisional		[CTA][CTA-5006 Common Media Server Data (CMSD)]
Concealed-Auth-Export	permanent	Item	[RFC-ietf-httpbis-unprompted-auth-12: The Concealed HTTP Authentication Scheme]
Configuration-Context	provisional		[OSLC Configuration Management Version 1.0. Part 3: Configuration Specification]
Connection	permanent		[RFC9110, Section 7.6.1: HTTP Semantics]
Content-Base	obsoleted		[RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]	Obsoleted by [RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1]
Content-Digest	permanent		[RFC 9530, Section 2: Digest Fields]
Content-Disposition	permanent		[RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)]
Content-Encoding	permanent		[RFC9110, Section 8.4: HTTP Semantics]
Content-ID	deprecated		[The HTTP Distribution and Replication Protocol]
Content-Language	permanent		[RFC9110, Section 8.5: HTTP Semantics]
Content-Length	permanent		[RFC9110, Section 8.6: HTTP Semantics]
Content-Location	permanent		[RFC9110, Section 8.7: HTTP Semantics]
Content-MD5	obsoleted		[RFC 2616, Section 14.15: Hypertext Transfer Protocol -- HTTP/1.1]	Obsoleted by [RFC 7231, Appendix B: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content]
Content-Range	permanent		[RFC9110, Section 14.4: HTTP Semantics]
Content-Script-Type	obsoleted		[HTML 4.01 Specification]
Content-Security-Policy	permanent		[Content Security Policy Level 3]
Content-Security-Policy-Report-Only	permanent		[Content Security Policy Level 3]
Content-Style-Type	obsoleted		[HTML 4.01 Specification]
Content-Type	permanent		[RFC9110, Section 8.3: HTTP Semantics]
Content-Version	obsoleted		[RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Cookie	permanent		[RFC 6265: HTTP State Management Mechanism]
Cookie2	obsoleted		[RFC 2965: HTTP State Management Mechanism]	Obsoleted by [RFC 6265: HTTP State Management Mechanism]
Cross-Origin-Embedder-Policy	permanent	Item	[HTML]
Cross-Origin-Embedder-Policy-Report-Only	permanent	Item	[HTML]
Cross-Origin-Opener-Policy	permanent	Item	[HTML]
Cross-Origin-Opener-Policy-Report-Only	permanent	Item	[HTML]
Cross-Origin-Resource-Policy	permanent		[Fetch]
CTA-Common-Access-Token	provisional		[CTA][Chris_Lemmons]
DASL	permanent		[RFC 5323: Web Distributed Authoring and Versioning (WebDAV) SEARCH]
Date	permanent		[RFC9110, Section 6.6.1: HTTP Semantics]
DAV	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Default-Style	obsoleted		[HTML 4.01 Specification]
Delta-Base	permanent		[RFC 3229: Delta encoding in HTTP]
Deprecation	permanent	Item	[RFC-ietf-httpapi-deprecation-header-09, Section 2: The Deprecation HTTP Response Header Field]
Depth	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Derived-From	obsoleted		[RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Destination	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Differential-ID	deprecated		[The HTTP Distribution and Replication Protocol]
Dictionary-ID	permanent		[RFC-ietf-httpbis-compression-dictionary-19, Section 2.3: Compression Dictionary Transport]
Digest	obsoleted		[RFC 3230: Instance Digests in HTTP]	Obsoleted by [RFC 9530, Section 1.3: Digest Fields]
DPoP	permanent		[RFC9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP)]
DPoP-Nonce	permanent		[RFC9449: OAuth 2.0 Demonstrating Proof of Possession (DPoP)]
Early-Data	permanent		[RFC 8470: Using Early Data in HTTP]
EDIINT-Features	provisional		[RFC 6017: Electronic Data Interchange - Internet Integration (EDIINT) Features Header Field]
ETag	permanent		[RFC9110, Section 8.8.3: HTTP Semantics]
Expect	permanent		[RFC9110, Section 10.1.1: HTTP Semantics]
Expect-CT	deprecated		[RFC9163: Expect-CT Extension for HTTP]	Obsoleted by [IESG] [HTTPBIS]
Expires	permanent		[RFC9111, Section 5.3: HTTP Caching]
Ext	obsoleted		[RFC 2774: An HTTP Extension Framework]	[Status change of HTTP experiments to Historic]
Forwarded	permanent		[RFC 7239: Forwarded HTTP Extension]
From	permanent		[RFC9110, Section 10.1.2: HTTP Semantics]
GetProfile	obsoleted		[Implementation of OPS Over HTTP]
Hobareg	permanent		[RFC 7486, Section 6.1.1: HTTP Origin-Bound Authentication (HOBA)]
Host	permanent		[RFC9110, Section 7.2: HTTP Semantics]
HTTP2-Settings	obsoleted		[RFC 7540, Section 3.2.1: Hypertext Transfer Protocol Version 2 (HTTP/2)]	Obsolete; see Section 11.1 of [RFC9113]
If	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
If-Match	permanent		[RFC9110, Section 13.1.1: HTTP Semantics]
If-Modified-Since	permanent		[RFC9110, Section 13.1.3: HTTP Semantics]
If-None-Match	permanent		[RFC9110, Section 13.1.2: HTTP Semantics]
If-Range	permanent		[RFC9110, Section 13.1.5: HTTP Semantics]
If-Schedule-Tag-Match	permanent		[ RFC 6338: Scheduling Extensions to CalDAV]
If-Unmodified-Since	permanent		[RFC9110, Section 13.1.4: HTTP Semantics]
IM	permanent		[RFC 3229: Delta encoding in HTTP]
Include-Referred-Token-Binding-ID	permanent		[RFC 8473: Token Binding over HTTP]
Isolation	provisional		[OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
Keep-Alive	permanent		[RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Label	permanent		[RFC 3253: Versioning Extensions to WebDAV: (Web Distributed Authoring and Versioning)]
Last-Event-ID	permanent		[HTML]
Last-Modified	permanent		[RFC9110, Section 8.8.2: HTTP Semantics]
Link	permanent		[RFC 8288: Web Linking]
Link-Template	permanent		[RFC 9652: The Link-Template HTTP Header Field]
Location	permanent		[RFC9110, Section 10.2.2: HTTP Semantics]
Lock-Token	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Man	obsoleted		[RFC 2774: An HTTP Extension Framework]	[Status change of HTTP experiments to Historic]
Max-Forwards	permanent		[RFC9110, Section 7.6.2: HTTP Semantics]
Memento-Datetime	permanent		[RFC 7089: HTTP Framework for Time-Based Access to Resource States -- Memento]
Meter	permanent		[RFC 2227: Simple Hit-Metering and Usage-Limiting for HTTP]
Method-Check	obsoleted		[Access Control for Cross-site Requests]
Method-Check-Expires	obsoleted		[Access Control for Cross-site Requests]
MIME-Version	permanent		[RFC9112, Appendix B.1: HTTP/1.1]
Negotiate	permanent		[RFC 2295: Transparent Content Negotiation in HTTP]
NEL	permanent		[Network Error Logging]
OData-EntityId	permanent		[OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-Isolation	permanent		[OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-MaxVersion	permanent		[OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
OData-Version	permanent		[OData Version 4.01 Part 1: Protocol][OASIS][Chet_Ensign]
Opt	obsoleted		[RFC 2774: An HTTP Extension Framework]	[Status change of HTTP experiments to Historic]
Optional-WWW-Authenticate	permanent		[RFC 8053, Section 3: HTTP Authentication Extensions for Interactive Clients]
Ordering-Type	permanent		[RFC 3648: Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol]
Origin	permanent		[RFC 6454: The Web Origin Concept]
Origin-Agent-Cluster	permanent	Item	[HTML]
OSCORE	permanent		[RFC 8613, Section 11.1: Object Security for Constrained RESTful Environments (OSCORE)]
OSLC-Core-Version	permanent		[OASIS Project Specification 01][OASIS][Chet_Ensign]
Overwrite	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
P3P	obsoleted		[The Platform for Privacy Preferences 1.0 (P3P1.0) Specification]
PEP	obsoleted		[PEP - an Extension Mechanism for HTTP]
PEP-Info	obsoleted		[PEP - an Extension Mechanism for HTTP]
Permissions-Policy	provisional		[Permissions Policy]
PICS-Label	obsoleted		[PICS Label Distribution Label Syntax and Communication Protocols]
Ping-From	permanent		[HTML]
Ping-To	permanent		[HTML]
Position	permanent		[RFC 3648: Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol]
Pragma	deprecated		[RFC9111, Section 5.4: HTTP Caching]
Prefer	permanent		[RFC 7240: Prefer Header for HTTP]
Preference-Applied	permanent		[RFC 7240: Prefer Header for HTTP]
Priority	permanent	Dictionary	[RFC9218: Extensible Prioritization Scheme for HTTP]
ProfileObject	obsoleted		[Implementation of OPS Over HTTP]
Protocol	obsoleted		[PICS Label Distribution Label Syntax and Communication Protocols]
Protocol-Info	deprecated		[White Paper: Joint Electronic Payment Initiative]
Protocol-Query	deprecated		[White Paper: Joint Electronic Payment Initiative]
Protocol-Request	obsoleted		[PICS Label Distribution Label Syntax and Communication Protocols]
Proxy-Authenticate	permanent		[RFC9110, Section 11.7.1: HTTP Semantics]
Proxy-Authentication-Info	permanent		[RFC9110, Section 11.7.3: HTTP Semantics]
Proxy-Authorization	permanent		[RFC9110, Section 11.7.2: HTTP Semantics]
Proxy-Features	obsoleted		[Notification for Proxy Caches]
Proxy-Instruction	obsoleted		[Notification for Proxy Caches]
Proxy-Status	permanent	List	[RFC9209: The Proxy-Status HTTP Response Header Field]
Public	obsoleted		[RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Public-Key-Pins	permanent		[RFC 7469: Public Key Pinning Extension for HTTP]
Public-Key-Pins-Report-Only	permanent		[RFC 7469: Public Key Pinning Extension for HTTP]
Range	permanent		[RFC9110, Section 14.2: HTTP Semantics]
Redirect-Ref	permanent		[RFC 4437: Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources]
Referer	permanent		[RFC9110, Section 10.1.3: HTTP Semantics]
Referer-Root	obsoleted		[Access Control for Cross-site Requests]
Referrer-Policy	permanent		[Referrer Policy]	The header name does not share the HTTP Referer header's misspelling.
Refresh	permanent		[HTML]
Repeatability-Client-ID	provisional		[Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-First-Sent	provisional		[Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-Request-ID	provisional		[Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Repeatability-Result	provisional		[Repeatable Requests Version 1.0][OASIS][Chet_Ensign]
Replay-Nonce	permanent		[RFC 8555, Section 6.5.1: Automatic Certificate Management Environment (ACME)]
Reporting-Endpoints	provisional		[Reporting API]
Repr-Digest	permanent		[RFC 9530, Section 3: Digest Fields]
Retry-After	permanent		[RFC9110, Section 10.2.3: HTTP Semantics]
Safe	obsoleted		[RFC 2310: The Safe Response Header Field]	[Status change of HTTP experiments to Historic]
Schedule-Reply	permanent		[RFC 6638: Scheduling Extensions to CalDAV]
Schedule-Tag	permanent		[RFC 6338: Scheduling Extensions to CalDAV]
Sec-GPC	provisional		[Global Privacy Control (GPC)]
Sec-Purpose	permanent		[Fetch]	Intended to replace the (not registered) Purpose and x-moz headers.
Sec-Token-Binding	permanent		[RFC 8473: Token Binding over HTTP]
Sec-WebSocket-Accept	permanent		[RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Extensions	permanent		[RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Key	permanent		[RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Protocol	permanent		[RFC 6455: The WebSocket Protocol]
Sec-WebSocket-Version	permanent		[RFC 6455: The WebSocket Protocol]
Security-Scheme	obsoleted		[RFC 2660: The Secure HyperText Transfer Protocol]	[Status change of HTTP experiments to Historic]
Server	permanent		[RFC9110, Section 10.2.4: HTTP Semantics]
Server-Timing	permanent		[Server Timing]
Set-Cookie	permanent		[RFC 6265: HTTP State Management Mechanism]
Set-Cookie2	obsoleted		[RFC 2965: HTTP State Management Mechanism]	Obsoleted by [RFC 6265: HTTP State Management Mechanism]
SetProfile	obsoleted		[Implementation of OPS Over HTTP]
Signature	permanent		[RFC 9421, Section 4.2: HTTP Message Signatures]
Signature-Input	permanent		[RFC 9421, Section 4.1: HTTP Message Signatures]
SLUG	permanent		[RFC 5023: The Atom Publishing Protocol]
SoapAction	permanent		[Simple Object Access Protocol (SOAP) 1.1]
Status-URI	permanent		[RFC 2518: HTTP Extensions for Distributed Authoring -- WEBDAV]
Strict-Transport-Security	permanent		[RFC 6797: HTTP Strict Transport Security (HSTS)]
Sunset	permanent		[RFC 8594: The Sunset HTTP Header Field]
Surrogate-Capability	provisional		[Edge Architecture Specification]
Surrogate-Control	provisional		[Edge Architecture Specification]
TCN	permanent		[RFC 2295: Transparent Content Negotiation in HTTP]
TE	permanent		[RFC9110, Section 10.1.4: HTTP Semantics]
Timeout	permanent		[RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)]
Timing-Allow-Origin	provisional		[Resource Timing Level 1]
Topic	permanent		[RFC 8030, Section 5.4: Generic Event Delivery Using HTTP Push]
Traceparent	permanent		[Trace Context]
Tracestate	permanent		[Trace Context]
Trailer	permanent		[RFC9110, Section 6.6.2: HTTP Semantics]
Transfer-Encoding	permanent		[RFC9112, Section 6.1: HTTP Semantics]
TTL	permanent		[RFC 8030, Section 5.2: Generic Event Delivery Using HTTP Push]
Upgrade	permanent		[RFC9110, Section 7.8: HTTP Semantics]
Urgency	permanent		[RFC 8030, Section 5.3: Generic Event Delivery Using HTTP Push]
URI	obsoleted		[RFC 2068: Hypertext Transfer Protocol -- HTTP/1.1]
Use-As-Dictionary	permanent		[RFC-ietf-httpbis-compression-dictionary-19, Section 2.1: Compression Dictionary Transport]
User-Agent	permanent		[RFC9110, Section 10.1.5: HTTP Semantics]
Variant-Vary	permanent		[RFC 2295: Transparent Content Negotiation in HTTP]
Vary	permanent		[RFC9110, Section 12.5.5: HTTP Semantics]
Via	permanent		[RFC9110, Section 7.6.3: HTTP Semantics]
Want-Content-Digest	permanent		[RFC 9530, Section 4: Digest Fields]
Want-Digest	obsoleted		[RFC 3230: Instance Digests in HTTP]	Obsoleted by [RFC 9530, Section 1.3: Digest Fields]
Want-Repr-Digest	permanent		[RFC 9530, Section 4: Digest Fields]
Warning	obsoleted		[RFC9111, Section 5.5: HTTP Caching]
WWW-Authenticate	permanent		[RFC9110, Section 11.6.1: HTTP Semantics]
X-Content-Type-Options	permanent		[Fetch]
X-Frame-Options	permanent		[HTML]
*	permanent		[RFC9110, Section 12.5.5: HTTP Semantics]	(reserved)

Contact Information

ID	Name	Organization	Contact URI	Last Updated
[Chet_Ensign]	Chet Ensign		mailto:chet.ensign&oasis-open.org	2020-09-01
[Chris_Lemmons]	Chris Lemmons		mailto:Chris_Lemmons&comcast.com	2024-08-06
[CTA]		Consumer Technology Association	mailto:standards&cta.tech	2024-08-07
[OASIS]		OASIS	https://www.oasis-open.org