# OCAPI Global HTTP Headers

The following table lists all OCAPI global HTTP headers:

<table>
<thead>
<tr>
<th>Header Name</th>
<th>Type</th>
<th>Syntax</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Accept-Charset</td>
<td>Request</td>
<td>

```txt
Accept-Charset: {charset} Accept-Charset: utf-8
```

</td>
<td>Indicates which character set the client is able to understand. See <a href="https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.3">RFC 7231, section 5.3.3: Accept-Charset</a>. </td>
</tr>
<tr>
<td>Access-Control-Allow-Credentials</td>
<td>Response</td>
<td>

```txt
Access-Control-Allow-Credentials: {boolean}
Access-Control-Allow-Credentials: true
```

</td>
<td>Used in the context of a CORS request. Indicates whether or not the actual request can be made using credentials. See <a href="https://fetch.spec.whatwg.org/#http-access-control-allow-credentials">Fetch, http-access-control-allow-credentials</a>. </td>
</tr>
<tr>
<td>Access-Control-Allow-Headers</td>
<td>Response</td>
<td>

```txt
Access-Control-Allow-Headers: {header-name}, {header-name}, ...
```

</td>
<td>Used in the context of a CORS pre-flight request. Indicates which HTTP headers can be used during the actual request. See <a href="https://fetch.spec.whatwg.org/#http-access-control-allow-headers">Fetch, http-access-control-allow-headers</a>. </td>
</tr>
<tr>
<td>Access-Control-Allow-Methods</td>
<td>Response</td>
<td>

```txt
Access-Control-Allow-Methods: {http-method}, {http-method}, ...
```

</td>
<td>Used in the context of a CORS pre-flight request. Specifies the method or methods allowed in the actual request. See <a href="https://fetch.spec.whatwg.org/#http-access-control-allow-methods">Fetch, http-access-control-allow-methods</a>. </td>
</tr>
<tr>
<td>Access-Control-Allow-Origin</td>
<td>Response</td>
<td>

```txt
Access-Control-Allow-Origin: {origin}
```

</td>
<td>Used in the context of a CORS pre-flight request. Indicates whether the response can be shared with resources with the given origin. See <a href="https://fetch.spec.whatwg.org/#http-access-control-allow-origin">Fetch, http-access-control-allow-origin</a>. </td>
</tr>
<tr>
<td>Access-Control-Expose-Headers</td>
<td>Response</td>
<td>

```txt
Access-Control-Expose-Headers: {header-name}, {header-name}, ...
```

</td>
<td>Used in the context of a CORS request. Indicates which HTTP headers can be exposed as part of the response. See <a href="https://fetch.spec.whatwg.org/#http-access-control-expose-headers">Fetch, http-access-control-expose-headers</a>. </td>
</tr>
<tr>
<td>Access-Control-Max-Age</td>
<td>Response</td>
<td>

```txt
Access-Control-Max-Age: {delta-seconds}
```

</td>
<td>Used in the context of a CORS pre-flight request. Indicates how long the results of a pre-flight request can be cached on the client side. See <a href="https://fetch.spec.whatwg.org/#http-access-control-max-age">Fetch, http-access-control-max-age</a>. </td>
</tr>
<tr>
<td>Access-Control-Request-Headers</td>
<td>Request</td>
<td>

```txt
Access-Control-Request-Headers: {header-name}, {header-name}, ...
```

</td>
<td>Used in the context of a CORS pre-flight request. Lets the server know which HTTP headers is used when the actual request is made. See <a href="https://fetch.spec.whatwg.org/#http-access-control-request-headers">Fetch, http-access-control-request-headers</a>. </td>
</tr>
<tr>
<td>Access-Control-Request-Method</td>
<td>Request</td>
<td>

```txt
Access-Control-Request-Method: {http-method}
```

</td>
<td>Used in the context of a CORS pre-flight request. Lets the server know which HTTP method is used when the actual request is made. See <a href="https://fetch.spec.whatwg.org/#http-access-control-request-method">Fetch, http-access-control-request-method</a>. </td>
</tr>
<tr>
<td>Allow</td>
<td>Response</td>
<td>

```txt
Allow: {http-methods}
```

</td>
<td>Lists the HTTP methods supported by an OCAPI resource. See <a href="http://tools.ietf.org/html/7231#section-7.4.1">RFC 7231, section 7.4.1: Allow</a>. </td>
</tr>
<tr>
<td>Authorization</td>
<td>Request</td>
<td>

```txt
Authorization: {type} {credentials}
```

</td>
<td>Contains the credentials to authenticate a user and/or client application with a server. See <a href="http://tools.ietf.org/html/7235#section-4.2">RFC 7235, section 4.2: Authorization</a>. </td>
</tr>
<tr>
<td>Cache-Control</td>
<td>Request</td>
<td>

```txt
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: max-age= {seconds}
```

</td>
<td>Specifies directives for caching mechanisms in both requests and responses. See <a href="http://tools.ietf.org/html/7234">Hypertext Transfer Protocol (HTTP/1.1): Caching</a>. </td>
</tr>
<tr>
<td>Content-Length</td>
<td>Request, Response</td>
<td>

```txt
Content-Length: {length}
```

</td>
<td>Indicates the size of the entity-body, in bytes. See <a href="http://tools.ietf.org/html/7230#section-3.3.2">RFC 7231, section 3.3.2: Content-Length</a>. </td>
</tr>
<tr>
<td>Content-Type</td>
<td>Request, Response</td>
<td>

```txt
Content-Type: application/json; charset=utf-8
Content-Type: application/xml;
```

</td>
<td>Indicates the request or response message media type. See <a href="https://tools.ietf.org/html/rfc7231#section-3.1.1.5">RFC 7231, section 3.1.1.5: Content-Type</a>. </td>
</tr>
<tr>
<td>DNT</td>
<td>Request, Response</td>
<td>

```txt
DNT: 0
DNT: 1
```

</td>
<td>Controls shopper tracking. See <a href="https://tools.ietf.org/html/draft-mayer-do-not-track-00">IETF: Draft Do-Not-Track</a>. </td>
</tr>
<tr>
<td>Location</td>
<td>Response</td>
<td>

```txt
Location: <url>
```

</td>
<td>Indicates the URL of a new created resource via HTTP 201 (created) status. See <a href="http://tools.ietf.org/html/7231#section-7.1.2">RFC 7231, section 7.1.2: Location</a>. </td>
</tr>
<tr>
<td>Origin</td>
<td>Request</td>
<td>

```txt
Origin: {scheme} "://" {hostname} [ ":" {port} ]
Origin: https://api-explorer.commercecloud.salesforce.com
```

</td>
<td>Used in the context of a CORS request. Indicates the origin of a fetch. See <a href="http://tools.ietf.org/html/6454#section-7">RFC 6454, section 7: Origin</a>. </td>
</tr>
<tr>
<td>x-dw-client-id</td>
<td>Request</td>
<td>

```txt
x-dw-client-id: {client-id}
```

</td>
<td>Informs the OCAPI server about the client application making the request.</td>
</tr>
<tr>
<td>x-dw-http-method-override</td>
<td>Request</td>
<td>

```txt
x-dw-http-method-override: <http-method>
```

```txt
x-dw-pretty-print: {boolean}
x-dw-pretty-print: true
```

</td>
<td>Indicates whether the server should format the response payload in nice way.</td>
</tr>
<tr>
<td>x-dw-resource-state</td>
<td>Request, Response</td>
<td>

```txt
x-dw-resource-state: {resource-state}
```

```txt
x-dw-version-status: [current|deprecated|obsolete]
```

</td>
<td>Indicates the version status of the requested OCAPI resource.</td>
</tr>

</tbody>
</table>
