Common request headers
Written by
Updated at March 19, 2025
Header | Description |
---|---|
Authorization |
Any request to the Yandex Object Storage must be authorized. You must use it together with the Date or X-Amz-Date header.Learn more about authorization methods in the respective guides. |
Cache-Control |
Directives for caching data according to RFC 2616 |
Content-Disposition |
Name under which Object Storage will suggest to save the object as a file when downloaded, which is compliant with RFC 2616 |
Content-Encoding |
Defines the content encoding according to RFC 2616 |
Content-Length |
Length of the request body (without headers) according to RFC 2616 This header is required for all requests that send data to Object Storage, e.g., when uploading an object. |
Content-Type |
Data type in the request, e.g., text/html . For more information about data types, see the Media typeThe default type is binary/octet-stream . |
Content-MD5 |
128-bit MD5 hash value of the request body, base64 -encoded.This header is compliant with RFC 1864 Object Storage uses it to verify that the data sent matches the data received. If the bucket uses default object locks, the Content-MD5 header is required for uploading or copying an object version. |
Date |
Date and time of the request. It has the following format: Thu, 18 Jan 2018 09:57:35 GMT .If X-Amz-Date is set, Object Storage ignores the Date header. |
Expect |
100-continue expected code.When uploading data to Object Storage, an app can use the following logic: - Send a request without a body, but with the Expect: 100-continue header set.- Send a request with a body after getting the 100-continue response. This request must not have the Expect header. |
Expires |
Response expiration date, which is compliant with RFC 2616 |
Host |
Host the request is made to. This header is required for HTTP/1.1, but optional for HTTP/1.0 requests. |
X-Amz-Date |
Date and time of the origins that sent the request. It has the following format: 20211102T145822Z .If X-Amz-Date is set, Object Storage ignores the Date header. |
If a cross-domain (CORSoptions
preflight request.