Sec-WebSocket-Accept
The Sec-WebSocket-Accept HTTP response header is used in the WebSocket opening handshake to indicate that the server is willing to upgrade to a WebSocket connection.
This header must appear no more than once in the response, and has a directive value that is calculated from the Sec-WebSocket-Key
request header sent in the corresponding request.
Header type | Response header |
---|---|
Forbidden header name | yes |
Syntax
Sec-WebSocket-Accept: <hashed key>
Directives
- <hashed key>
-
If a
Sec-WebSocket-Key
header was provided, the value of this header is computed by taking the value of the key, concatenating the string258EAFA5-E914-47DA-95CA-C5AB0DC85B11
, and taking the SHA-1 hash of that concatenated string — resulting in a 20-byte value. That value is then base64 encoded to obtain the value of this property.
Examples
The client will initiate a WebSocket handshake with a request like the following.
Note that this starts as an HTTP GET
request (HTTP/1.1 or later) and includes the Upgrade
header indicating the intent to upgrade to a web socket.
It also includes Sec-WebSocket-Key
, which is used in the calculation of Sec-WebSocket-Accept
to confirm the intent to upgrade the connection to a web socket.
GET /chat HTTP/1.1
Host: example.com:8000
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
The response from the server should include the Sec-WebSocket-Accept
header with a value that is calculated from the Sec-WebSocket-Key
header in the request, and confirms the intent to upgrade the connection to a web socket:
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Specifications
Specification |
---|
Unknown specification # section-11.3.3 |
Browser compatibility
BCD tables only load in the browser