Common Request Headers
The following table describes headers that can be used by various types of Amazon S3 REST requests.
Header Name | Description |
---|---|
Authorization |
The information required for request authentication. For more information, go to The Authentication Header in the Amazon Simple Storage Service Developer Guide. For anonymous requests this header is not required. |
Access-Control-Request-Method
|
A list of HTTP methods that is sent as a pre-flight CORS request. If the pre-flight CORS evaluation is successful, then the specified methods are allowed to be used in the following CORS request. |
Content-Length |
Length of the message (without the headers) according to RFC 2616. This header is required for PUTs and operations that load XML, such as logging and ACLs. |
Content-Type |
The content type of the resource in case the request has content in the body. Example:
|
Content-MD5 |
The base64 encoded 128-bit MD5 digest of the message (without the headers) according to RFC 1864. This header can be used as a message integrity check to verify that the data is the same data that was originally sent. Although it is optional, we recommend using the Content-MD5 mechanism as an end-to-end integrity check. For more information about REST request authentication, go to REST Authentication in the Amazon Simple Storage Service Developer Guide. |
Date |
The date that can be used to create the signature contained in the
If the Date header is not used for signing, it can be one of the full
date formats specified by RFC
2616 If you are using the If |
Expect
|
When your application uses 100-continue, it does not send the request body until it receives an acknowledgment. If the message is rejected based on the headers, the body of the message is not sent. This header can be used only if you are sending a body. Valid Values: 100-continue |
Host |
For path-style requests, the value is This header is required for HTTP 1.1 (most toolkits add this header automatically); optional for HTTP/1.0 requests. |
Origin |
An endpoint that specifies the server name of the initial requester. |
x-amz-content-sha256 |
When using signature version 4 to authenticate request, this header provides a hash of
the request payload. For more information see Signature Calculations for the Authorization Header:
Transferring Payload in a Single Chunk (Amazon Signature Version 4). When uploading object in
chunks, you set the value to |
x-amz-date |
The date used to create the signature in the Authorization header. The format must be
ISO 8601 basic in the
|
x-amz-security-token |
This header can be used in the following scenarios:
This header is required for requests that use Amazon DevPay and requests that are signed by using temporary security credentials. |