Common request headers
Written by
Updated at September 2, 2025
| Header | Description |
|---|---|
Authorization |
Any request to Yandex Object Storage must be authorized. This header must be used with either the Date or X-Amz-Date header.Learn about authorization methods in the respective guides. |
Cache-Control |
Directives for caching data according to RFC 2616. |
Content-Disposition |
Name under which Object Storage will suggest to save the object as a file when downloaded. Compliant with RFC 2616. |
Content-Encoding |
Defines the content encoding according to RFC 2616. |
Content-Length |
Length of the request body (without headers) in compliance with RFC 2616. This header is required for all requests that send to Object Storage any data, e.g., when uploading an object. |
Content-Type |
Data type in the request, e.g., text/html. For more information about data types, see the Media type Wikipedia article.The default type is binary/octet-stream. |
Content-MD5 |
128-bit MD5 hash value of the request body, base64-encoded.This header is compliant with RFC 1864. Object Storage uses it to make sure the data sent matches the data received. If the bucket uses default locks of object versions, the Content-MD5 header is required for uploading or copying an object version. |
Date |
Date and time of the request. Format: Thu, 18 Jan 2018 09:57:35 GMT.When X-Amz-Date is set, Object Storage ignores the Date header. |
Expect |
Expected 100-continue code.When uploading data to Object Storage, an app can use the following logic: - Send a request without a body, but with the Expect: 100-continue header set.- Send a request with a body after getting the 100-continue response. This request must not have the Expect header. |
Expires |
Response expiration date, which is compliant with RFC 2616. |
Host |
Request recipient host. This header is required for HTTP/1.1, but optional for HTTP/1.0 requests. |
X-Amz-Date |
Date and time at the request source. Format: 20211102T145822Z.When X-Amz-Date is set, Object Storage ignores the Date header. |
If a cross-domain (CORS) request is sent, it may contain headers of the options preflight request.