-
Notifications
You must be signed in to change notification settings - Fork 4
Request headers used
Will Pearson edited this page Mar 6, 2026
·
11 revisions
In order to make further decisions on request headers we decided to keep a list
These were found using git grep headers\\.get and looking at headers sent during a request normally .
The links are indicative they will get out of date, but seemed worth doing.
The following is a list of public facing code bases with headers in each.
Headers potentially used by all flask apps viawerkzeug
- accept-encoding
- Expect
- content-type
- Content-Length
- host
- transfer-encoding
- pragma
- Accept
- Accept-charset
- Accept-language
- Cache-control
- If-Match
- If-None-Match
- If-modified-since
- If-unmodified-since
- If-range
- range
- user-agent
- Authorization
- etag
- location
- last-modified
- X-Forwarded-For
- Any use of session implies cookies, implies the cookie header
Nothing found
Some other headers that are set that we might want for logging or are consumed by other parts of the infra (or by flask). These are sent in normal requests to admin in chrome
- :authority
- :method
- :path
- :scheme
- accept
- accept-language
- cache-control
- cookie
- priority
- referer
- sec-ch-ua
- sec-ch-ua-mobile
- sec-ch-ua-platform
- sec-fetch-dest
- sec-fetch-mode
- sec-fetch-site
- sec-fetch-user
- upgrade-insecure-requests
- user-agent