HTTP手册: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers

汇总

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
X-Api-Version
Accept-Charset
Accept-Datetime
Accept-Encoding
Accept-Language
Cookie
Forwarded
Forwarded-For
Forwarded-For-Ip
Forwarded-Proto
From
TE
True-Client-IP
Upgrade
User-Agent
Via
Warning
X-Api-Version
Max-Forwards
Origin
Pragma
DNT
Cache-Control
X-Att-Deviceid
X-ATT-DeviceId
X-Correlation-ID
X-Csrf-Token
X-CSRFToken
X-Do-Not-Track
X-Foo
X-Foo-Bar
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Port
X-Forwarded-Proto
X-Forwarded-Protocol
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded-Ssl
X-Forwarder-For
X-Forward-For
X-Forward-Proto
X-Frame-Options
X-From
X-Geoip-Country
X-Http-Destinationurl
X-Http-Host-Override
X-Http-Method
X-Http-Method-Override
X-HTTP-Method-Override
X-Http-Path-Override
X-Https
X-Htx-Agent
X-Hub-Signature
X-If-Unmodified-Since
X-Imbo-Test-Config
X-Insight
X-Ip
X-Ip-Trail
X-ProxyUser-Ip
X-Requested-With
X-Request-ID
X-UIDH
X-Wap-Profile
X-XSRF-TOKEN

Referer

1
请求的来源网页

X-Frame-Options:

1
2
3
4
5
给浏览器指示是否允许页面通过<iframe><frame>等标签进行嵌套,避免点击劫持

值为deny时,禁止任何页面嵌套该页面
值为sameorigin时,仅允许相同域名页面嵌套该页面
allow-frame [网址],仅允许指定页面嵌套该页面

X-Forwarded-For

1
获取客户端的IP地址,最左端的IP地址表示最初发起的客户端IP地址

Content-Type

1
实体头部用于指示资源的MIME类型