/mdn2/en-US/docs/Web/HTTP/Headers
Accept-CH Accept-Charset Accept-Encoding Accept-Language Accept-Patch Accept-Post Accept-Ranges Accept Access-Control-Allow-Credentials Access-Control-Allow-Headers Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Expose-Headers Access-Control-Max-Age Access-Control-Request-Headers Access-Control-Request-Method Age Allow Alt-Svc Alt-Used Attribution-Reporting-Eligible Attribution-Reporting-Register-Source Attribution-Reporting-Register-Trigger Authorization Cache-Control Clear-Site-Data Connection Content-Digest Content-Disposition Content-DPR Content-Encoding Content-Language Content-Length Content-Location Content-Range Content-Security-Policy-Report-Only Content-Security-Policy Content-Type Cookie Critical-CH Cross-Origin-Embedder-Policy Cross-Origin-Opener-Policy Cross-Origin-Resource-Policy Date Device-Memory Digest DNT Downlink DPR Early-Data ECT ETag Expect-CT Expect Expires Forwarded From Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified-Since Keep-Alive Last-Modified Link Location Max-Forwards NEL No-Vary-Search Observe-Browsing-Topics Origin-Agent-Cluster Origin Permissions-Policy Pragma Priority Proxy-Authenticate Proxy-Authorization Range Referer Referrer-Policy Report-To Reporting-Endpoints Repr-Digest Retry-After RTT Save-Data Sec-Browsing-Topics Sec-CH-Prefers-Color-Scheme Sec-CH-Prefers-Reduced-Motion Sec-CH-Prefers-Reduced-Transparency Sec-CH-UA-Arch Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-Full-Version Sec-CH-UA-Mobile Sec-CH-UA-Model Sec-CH-UA-Platform-Version Sec-CH-UA-Platform Sec-CH-UA Sec-Fetch-Dest Sec-Fetch-Mode Sec-Fetch-Site Sec-Fetch-User Sec-GPC Sec-Purpose Sec-WebSocket-Accept Sec-WebSocket-Key Server-Timing Server Service-Worker-Navigation-Preload Set-Cookie Set-Login SourceMap Speculation-Rules Strict-Transport-Security Supports-Loading-Mode TE Timing-Allow-Origin Tk Trailer Transfer-Encoding Upgrade-Insecure-Requests Upgrade User-Agent Vary Via Viewport-Width Want-Content-Digest Want-Digest Want-Repr-Digest Warning Width WWW-Authenticate X-Content-Type-Options X-DNS-Prefetch-Control X-Forwarded-For X-Forwarded-Host X-Forwarded-Proto X-Frame-Options X-XSS-Protection
/mdn2/en-US/docs/Web/HTTP/Headers/Content-Security-PolicyContent-Security-Policy
base-uri block-all-mixed-content child-src connect-src default-src fenced-frame-src font-src form-action frame-ancestors frame-src img-src manifest-src media-src object-src prefetch-src report-to report-uri require-trusted-types-for sandbox script-src-attr script-src-elem script-src Sources style-src-attr style-src-elem style-src trusted-types upgrade-insecure-requests worker-src
/mdn2/en-US/docs/Web/HTTP/Headers/Permissions-PolicyPermissions-Policy
accelerometer ambient-light-sensor attribution-reporting autoplay bluetooth browsing-topics camera compute-pressure display-capture document-domain encrypted-media fullscreen gamepad geolocation gyroscope hid identity-credentials-get idle-detection local-fonts magnetometer microphone midi otp-credentials payment picture-in-picture publickey-credentials-create publickey-credentials-get screen-wake-lock serial speaker-selection storage-access usb web-share window-management xr-spatial-tracking
/mdn2/en-US/docs/Web/HTTP/Headers/User-AgentUser-Agent
Firefox