HTML

Structure of content on the web

  • Web APIs

    Interfaces for building web applications

  • Learn
  • HTTP Observatory

    Scan a website for free

  • HTTP
  • HTTP
  • A typical HTTP session
  • HTTP caching
  • HTTP conditional requests
  • Protocol upgrade mechanism
  • HTTP Observatory
  • Permissions Policy
  • CORS errors
    1. Reason: CORS header 'Origin' cannot be added
    2. Reason: CORS request not HTTP
    3. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'
    4. Reference
    5. Accept-Encoding
    6. Accept-Ranges
    7. Access-Control-Allow-Origin
    8. Access-Control-Request-Method
    9. Alt-Used
    10. Attribution-Reporting-Eligible
    11. Attribution-Reporting-Register-Source
    12. Attribution-Reporting-Register-Trigger
    13. Connection
    14. Content-DPR
    15. Content-Location
    16. Content-Type
    17. Critical-CH
    18. Date
    19. DNT
    20. Downlink
    21. DPR
    22. Early-Data
    23. ECT
    24. Expect-CT
    25. Host
    26. If-Range
    27. Link
    28. NEL
    29. No-Vary-Search
    30. Observe-Browsing-Topics
    31. Origin-Agent-Cluster
    32. Permissions-Policy
    33. Pragma
    34. Range
    35. Report-To
    36. Reporting-Endpoints
    37. RTT
    38. Save-Data
    39. Sec-Browsing-Topics
    40. Sec-CH-Prefers-Color-Scheme
    41. Sec-CH-Prefers-Reduced-Motion
    42. Sec-CH-Prefers-Reduced-Transparency
    43. Sec-CH-UA
    44. Sec-CH-UA-Arch
    45. Sec-CH-UA-Bitness
    46. Sec-CH-UA-Form-Factors
    47. Sec-CH-UA-Full-Version
    48. Sec-CH-UA-Full-Version-List
    49. Sec-CH-UA-Mobile
    50. Sec-CH-UA-Model
    51. Sec-CH-UA-Platform
    52. Sec-CH-UA-Platform-Version
    53. Sec-CH-UA-WoW64
    54. Sec-Fetch-User
    55. Sec-GPC
    56. Sec-WebSocket-Key
    57. Server-Timing
    58. Set-Cookie
    59. Set-Login
    60. Speculation-Rules
    61. Supports-Loading-Mode
    62. Tk
    63. Upgrade-Insecure-Requests
    64. Viewport-Width
    65. Warning
    66. Width
    67. X-DNS-Prefetch-Control
    68. X-Forwarded-For
    69. X-Forwarded-Host
    70. X-Forwarded-Proto
    71. X-Permitted-Cross-Domain-Policies
    72. X-Powered-By
    73. X-Robots-Tag
    74. X-XSS-Protection
  • GET
  • POST
  • 100 Continue
  • 200 OK
  • 204 No Content
  • 208 Already Reported
  • 302 Found
  • 308 Permanent Redirect
  • 403 Forbidden
  • 407 Proxy Authentication Required
  • 411 Length Required
  • 415 Unsupported Media Type
  • 421 Misdirected Request
  • 425 Too Early
  • 431 Request Header Fields Too Large
  • 502 Bad Gateway
  • 506 Variant Also Negotiates
  • 511 Network Authentication Required
  • CSP: block-all-mixed-content
  • CSP: fenced-frame-src
  • CSP: frame-src
  • CSP: object-src
  • CSP: prefetch-src
  • CSP: report-uri
  • CSP: script-src-attr
  • CSP: style-src-elem
  • Permissions-Policy directives
    1. Permissions-Policy: accelerometer
    2. Permissions-Policy: ambient-light-sensor
    3. Permissions-Policy: attribution-reporting
    4. Permissions-Policy: autoplay
    5. Permissions-Policy: bluetooth
    6. Permissions-Policy: browsing-topics
    7. Permissions-Policy: camera
    8. Permissions-Policy: compute-pressure
    9. Permissions-Policy: cross-origin-isolated
    10. Permissions-Policy: display-capture
    11. Permissions-Policy: document-domain
    12. Permissions-Policy: encrypted-media
    13. Permissions-Policy: fullscreen
    14. Permissions-Policy: gamepad
    15. Permissions-Policy: geolocation
    16. Permissions-Policy: gyroscope
    17. Permissions-Policy: hid
    18. Permissions-Policy: identity-credentials-get
    19. Permissions-Policy: idle-detection
    20. Permissions-Policy: local-fonts
    21. Permissions-Policy: magnetometer
    22. Permissions-Policy: microphone
    23. Permissions-Policy: midi
    24. Permissions-Policy: otp-credentials
    25. Permissions-Policy: payment
    26. Permissions-Policy: picture-in-picture
    27. Permissions-Policy: publickey-credentials-create
    28. Permissions-Policy: publickey-credentials-get
    29. Permissions-Policy: screen-wake-lock
    30. Permissions-Policy: serial
    31. Permissions-Policy: speaker-selection
    32. Permissions-Policy: storage-access
    33. Permissions-Policy: usb
    34. Permissions-Policy: web-share
    35. Permissions-Policy: window-management
    36. Permissions-Policy: xr-spatial-tracking
  • experimental technology
    Check the Browser compatibility table carefully before using this in production.

    • The HTTP Save-Data network client hint which indicates the client's preference for reduced data usage. This could be for reasons such as high transfer costs, slow connection speeds, etc.

    Save-Data is a Accept-CH response header. Further, it should be used to reduce data sent to the client irrespective of the values of other client hints that indicate network capability, like RTT.

    A value of On indicates explicit user opt-in into a reduced data usage mode on the client. When communicated to origins, this allows them to deliver alternative content to reduce the data downloaded such as smaller image and video resources, different markup and styling, disabled polling and automatic updates, and so on.

    Note: Disabling HTTP/2 Server Push (RFC 7540, section 8.2: Server Push) may reduce data downloads. Note that this feature is no longer supported by default in most major browser engines.

    Header type Request header, Client hint
    Forbidden request header No
    CORS-safelisted response header No

    Syntax

    http
    Save-Data: <sd-token>

    Directives

    <sd-token>

    A value indicating whether the client wants to opt in to reduced data usage mode. on indicates yes, while off (the default) indicates no.

    Examples

    Using Save-Data: on

    The following message requests a resource with Save-Data header indicating the client is opting in to reduced data mode:

    http
    GET /image.jpg HTTP/1.1
Host: example.com
Save-Data: on

    The server responds with a 200 response, and the Vary header indicates that Save-Data may have been used to create the response, and caches should be aware of this header to differentiate responses:

    http
    HTTP/1.1 200 OK
Content-Length: 102832
Vary: Accept-Encoding, Save-Data
Cache-Control: public, max-age=31536000
Content-Type: image/jpeg

[…]

    Omitting Save-Data

    In this case, the client requests the same resource without the Save-Data header:

    http
    GET /image.jpg HTTP/1.1
Host: example.com

    The server's response provides the full version of the content. The Vary header ensures that responses should be separately cached based on the value of the Save-Data header. This can ensure that the user is not served a lower-quality image from the cache when the Save-Data header is no longer present (e.g., after having switched from cellular to Wi-Fi).

    http
    HTTP/1.1 200 OK
Content-Length: 481770
Vary: Accept-Encoding, Save-Data
Cache-Control: public, max-age=31536000
Content-Type: image/jpeg

[…]

    Specifications

    Specification
    Save Data API
    # save-data-request-header-field

    Browser compatibility

    See also