Observe fixed response headers

Inspect how fixed response fields describe handling policy separately from response content.

  • fields
  • security headers
  • content disposition
  • cors

Prediction

The response content can stay small while fields tell a recipient how the representation should be handled or constrained. HEAD should retain relevant metadata without returning the text content.

Controlled observation

Compare a download preset with a security preset, then request the security preset with HEAD. The Worker exposes only these reviewed teaching fields to the HTTPClarity origin through its CORS response contract.

Explanation

Response fields are metadata and control information, not decorations on the body. Content-Disposition suggests presentation or download handling; Content-Security-Policy and X-Frame-Options constrain selected browser behaviors. A real deployment needs a policy designed for its own content and threat model.

Controlled exercise

Run this observation

Compare fixed download and security response-field presets; Fetch exposes only the reviewed fields named by the Lab CORS contract.

Ready. No request has run.

Controlled request

Method
GET
URL
https://lab.httpclarity.com/v1/headers/download
Permitted headers
None
Body
None

Browser-observed response

No live response yet. The representative static example remains useful without JavaScript or the Worker.

Static response example

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="httpclarity-demo.txt"
X-Lab-Preset: download

Fixed download response-field preset.

Timing is browser elapsed time. Fetch hides Set-Cookie, raw wire bytes, reliable compressed size, and some redirect details.

Portable examples

cURL
'curl' '--include' '--request' 'GET' 'https://lab.httpclarity.com/v1/headers/download'
Scroll horizontally to read any long lines.
Fetch API
const response = await fetch("https://lab.httpclarity.com/v1/headers/download", {
  "method": "GET"
});
console.log(response.status, await response.text());
Scroll horizontally to read any long lines.
PHP
<?php
$options = ['http' => [
    'method' => 'GET',
    'ignore_errors' => true,
]];
$context = stream_context_create($options);
$body = file_get_contents('https://lab.httpclarity.com/v1/headers/download', false, $context);
var_dump($http_response_header, $body);
Scroll horizontally to read any long lines.

Need a full API client? Copy the generated cURL command, then import it in Hoppscotch. HTTPClarity sends no request data to Hoppscotch.

Continue in Hoppscotch (opens in a new tab)

Primary sources