OCAPI Global HTTP headers 19.10

The following table lists all OCAPI global HTTP headers:

Header Name Type Syntax Description
Accept-Charset Request
Accept-Charset: <charset>
Accept-Charset: utf-8
Indicates which character set the client is able to understand. See RFC 7231, section 5.3.3: Accept-Charset.
Access-Control-Allow-Credentials Response
Access-Control-Allow-Credentials: <boolean>
Access-Control-Allow-Credentials: true
Used in the context of a CORS request. Indicates whether or not the actual request can be made using credentials. See Fetch, http-access-control-allow-credentials.
Access-Control-Allow-Headers Response
Access-Control-Allow-Headers: <header-name>, <header-name>, ...
Used in the context of a CORS pre-flight request. Indicates which HTTP headers can be used during the actual request. See Fetch, http-access-control-allow-headers.
Access-Control-Allow-Methods Response
Access-Control-Allow-Methods: <http-method>, <http-method>, ...
Used in the context of a CORS pre-flight request. Specifies the method or methods allowed in the actual request. See Fetch, http-access-control-allow-methods.
Access-Control-Allow-Origin Response
Access-Control-Allow-Origin: <origin>
Used in the context of a CORS pre-flight request. Indicates whether the response can be shared with resources with the given origin. See Fetch, http-access-control-allow-origin.
Access-Control-Expose-Headers Response
Access-Control-Expose-Headers: <header-name>, <header-name>, ...
Used in the context of a CORS request. Indicates which HTTP headers can be exposed as part of the response. See Fetch, http-access-control-expose-headers.
Access-Control-Max-Age Response
Access-Control-Max-Age: <delta-seconds>
Used in the context of a CORS pre-flight request. Indicates how long the results of a pre-flight request can be cached on the client side. See Fetch, http-access-control-max-age.
Access-Control-Request-Headers Request
Access-Control-Request-Headers: <header-name>, <header-name>, ...
Used in the context of a CORS pre-flight request. Lets the server know which HTTP headers will be used when the actual request is made. See Fetch, http-access-control-request-headers.
Access-Control-Request-Method Request
Access-Control-Request-Method: <http-method>
Used in the context of a CORS pre-flight request. Lets the server know which HTTP method will be used when the actual request is made. See Fetch, http-access-control-request-method.
Allow Response
Allow: <http-methods>
Lists the HTTP methods supported by an OCAPI resource. See RFC 7231, section 7.4.1: Allow.
Authorization Request
Authorization: <type> <credentials>
Contains the credentials to authenticate a user and/or client application with a server. See RFC 7235, section 4.2: Authorization.
Cache-Control Request
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: max-age=<seconds>
Specifies directives for caching mechanisms in both requests and responses. See Hypertext Transfer Protocol (HTTP/1.1): Caching.
Content-Length Request, Response
Content-Length: <length>
Indicates the size of the entity-body, in bytes. See RFC 7231, section 3.3.2: Content-Length.
Content-Type Request, Response
Content-Type: application/json; charset=utf-8
Content-Type: application/xml;
Indicates the request or response message media type. See RFC 7231, section 3.1.1.5: Content-Type.
DNT Request, Response
DNT: 0
DNT: 1
Controls shopper tracking. See IETF: Draft Do-Not-Track.
Location Response
Location: <url>
Indicates the URL of a new created resource via HTTP 201 (created) status. See RFC 7231, section 7.1.2: Location.
Origin Request
Origin: <scheme> "://" <hostname> [ ":" <port> ]
Origin: https://api-explorer.commercecloud.salesforce.com
Used in the context of a CORS request. Indicates the origin of a fetch. See RFC 6454, section 7: Origin.
x-dw-client-id Request
x-dw-client-id: <client-id>
Informs the OCAPI server about the client application making the request.
x-dw-http-method-override Request
x-dw-http-method-override: <http-method>
Overrides the actual HTTP method. See Override HTTP method.
x-dw-pretty-print Request
x-dw-pretty-print: <boolean>
x-dw-pretty-print: true
Indicates whether the server should format the response payload in nice way.
x-dw-resource-state Request, Response
x-dw-resource-state: <resource-state>
In the context of a request, indicates the expected state of a resource. In the context of a response, indicates the last known state of a resource. Used for optimistic locking. See Resource States.
x-dw-version-status Response
x-dw-version-status: [current|deprecated|obsolete]
Indicates the version status of the requested OCAPI resource.