Http header force download

Sign in to vote. Monday, September 21, PM. User posted Thanks for the info, ruslany. Tuesday, September 22, AM. Thursday, November 12, AM. Wednesday, February 10, PM. In this example, the specific header line is Content-Disposition: attachment. Let's take a look at the headers to see why:. It is worth noting that while the name of the file can be chosen programmatically with the HTTP headers, the directory path itself may not be.

We'll take a look now at how the header can be added. Learn more about CORS here. Access-Control-Allow-Origin Indicates whether the response can be shared.

Access-Control-Allow-Credentials Indicates whether the response to the request can be exposed when the credentials flag is true. Access-Control-Allow-Methods Specifies the methods allowed when accessing the resource in response to a preflight request.

Access-Control-Expose-Headers Indicates which headers can be exposed as part of the response by listing their names. Access-Control-Max-Age Indicates how long the results of a preflight request can be cached.

Access-Control-Request-Headers Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made. Access-Control-Request-Method Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.

Origin Indicates where a fetch originates from. Timing-Allow-Origin Specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API , which would otherwise be reported as zero due to cross-origin restrictions. Content-Length The size of the resource, in decimal number of bytes. Content-Type Indicates the media type of the resource. Content-Encoding Used to specify the compression algorithm. Content-Language Describes the human language s intended for the audience, so that it allows a user to differentiate according to the users' own preferred language.

Content-Location Indicates an alternate location for the returned data. Forwarded Contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request. X-Forwarded-Host Identifies the original host requested that a client used to connect to your proxy or load balancer. Via Added by proxies, both forward and reverse proxies, and can appear in the request headers and the response headers.

Location Indicates the URL to redirect a page to. From Contains an Internet email address for a human user who controls the requesting user agent. Host Specifies the domain name of the server for virtual hosting , and optionally the TCP port number on which the server is listening.

Referer The address of the previous web page from which a link to the currently requested page was followed. Referrer-Policy Governs which referrer information sent in the Referer header should be included with requests made. User-Agent Contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent.

Server Contains information about the software used by the origin server to handle the request. Accept-Ranges Indicates if the server supports range requests, and if so in which unit the range can be expressed.

Range Indicates the part of a document that the server should return. If-Range Creates a conditional range request that is only fulfilled if the given etag or date matches the remote resource.

Content-Range Indicates where in a full body message a partial message belongs. Content-Security-Policy-Report-Only Allows web developers to experiment with policies by monitoring, but not enforcing, their effects. Feature-Policy Provides a mechanism to allow and deny the use of browser features in its own frame, and in iframes that it embeds.

Origin-Isolation Provides a mechanism to allow web applications to isolate their origins. X-Download-Options The X-Download-Options HTTP header indicates that the browser Internet Explorer should not display the option to "Open" a file that has been downloaded from an application, to prevent phishing attacks as the file otherwise would gain access to execute in the context of the application.

X-Powered-By May be set by hosting environments or other frameworks and contains information about them while not providing any usefulness to the application or its visitors.

Public-Key-Pins Associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. Public-Key-Pins-Report-Only Sends reports to the report-uri specified in the header and does still allow clients to connect to the server even if the pinning is violated. Sec-Fetch-Site It is a request header that indicates the relationship between a request initiator's origin and its target's origin. Sec-Fetch-Mode It is a request header that indicates the request's mode to a server.

Sec-Fetch-User It is a request header that indicates whether or not a navigation request was triggered by user activation. Sec-Fetch-Dest It is a request header that indicates the request's destination to a server. Transfer-Encoding Specifies the form of encoding used to safely transfer the resource to the user.

TE Specifies the transfer encodings the user agent is willing to accept. Trailer Allows the sender to include additional fields at the end of chunked message. Accept-Push-Policy A client can express the desired push policy for a request by sending an Accept-Push-Policy header field in the request.

Accept-Signature A client can send the Accept-Signature header field to indicate intention to take advantage of any available signatures and to indicate what kinds of signatures it supports. Alt-Svc Used to list alternate ways to reach this service. Date Contains the date and time at which the message was originated. Cite this Article Format.

Kyrnin, Jennifer. Your Privacy Rights. To change or withdraw your consent choices for ThoughtCo. At any time, you can update your settings through the "EU Privacy" link at the bottom of any page. These choices will be signaled globally to our partners and will not affect browsing data. We and our partners process data to: Actively scan device characteristics for identification. I Accept Show Purposes.