Observe fixed response headers
Inspect how fixed response fields describe handling policy separately from response content.
- fields
- security headers
- content disposition
- cors
Prediction
The response content can stay small while fields tell a recipient how the representation should be handled or constrained. HEAD should retain relevant metadata without returning the text content.
Controlled observation
Compare a download preset with a security preset, then request the security preset with HEAD. The Worker exposes only these reviewed teaching fields to the HTTPClarity origin through its CORS response contract.
Explanation
Response fields are metadata and control information, not decorations on the
body. Content-Disposition suggests presentation or download handling;
Content-Security-Policy and X-Frame-Options constrain selected browser
behaviors. A real deployment needs a policy designed for its own content and
threat model.
Controlled exercise
Run this observation
Compare fixed download and security response-field presets; Fetch exposes only the reviewed fields named by the Lab CORS contract.
Ready. No request has run.
Controlled request
- Method
- GET
- URL
https://lab.httpclarity.com/v1/headers/download- Permitted headers
- None
- Body
- None
Browser-observed response
No live response yet. The representative static example remains useful without JavaScript or the Worker.
Static response example
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="httpclarity-demo.txt"
X-Lab-Preset: download
Fixed download response-field preset.Timing is browser elapsed time. Fetch hides Set-Cookie, raw wire bytes, reliable compressed size, and some redirect details.
Portable examples
'curl' '--include' '--request' 'GET' 'https://lab.httpclarity.com/v1/headers/download'Scroll horizontally to read any long lines.const response = await fetch("https://lab.httpclarity.com/v1/headers/download", {
"method": "GET"
});
console.log(response.status, await response.text());Scroll horizontally to read any long lines.<?php
$options = ['http' => [
'method' => 'GET',
'ignore_errors' => true,
]];
$context = stream_context_create($options);
$body = file_get_contents('https://lab.httpclarity.com/v1/headers/download', false, $context);
var_dump($http_response_header, $body);Scroll horizontally to read any long lines.Need a full API client? Copy the generated cURL command, then import it in Hoppscotch. HTTPClarity sends no request data to Hoppscotch.
Continue in Hoppscotch (opens in a new tab)