LocationHeader

LocationHeader, more commonly referred to in technical contexts as the Location header, is an HTTP response header field that carries a URI pointing to the next resource the client should use. It is defined in RFC 7231 as a mechanism to indicate the preferred location of a resource after a request. The value of the header is a URI reference, which may be absolute or relative.

LocationHeader is most widely used to support resource redirection. In redirect responses, such as those with status codes 301, 302, 303, 307, and 308, the server includes a Location header containing the URL to which the client should navigate. User agents typically follow these redirects automatically, subject to user preferences and security policies.

Another common use is in the response to a request that creates a new resource. In a 201 Created response, the Location header indicates the URL of the newly created resource. In some cases, a 202 Accepted response may include a Location header to point to a URL where the client can poll or monitor the status of asynchronous processing.

Syntax and resolution: The Location header value must be a URI reference. It can be absolute or a relative reference; if relative, the client resolves it against the base URI of the response, following standard URI resolution rules. How a relative reference relates to the original host, and any cross-origin considerations, depend on the server's implementation and security policies.

Security and design considerations: Location headers can enable user redirection, which, if misused, may lead to open redirect vulnerabilities or phishing risks. Servers should validate and, where appropriate, prefer absolute URLs and ensure redirects point to trusted destinations.
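
One way to apply that validation on the server, as an added example that is not part of the original page: the candidate value is resolved against the response's base URI the way a client would, and the resulting absolute URL is only returned if its host is on an allowlist. The function name `safe_location`, the `TRUSTED_HOSTS` set and the `example.com` hosts are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumed allowlist of trusted redirect hosts (constructed for this example).
TRUSTED_HOSTS = {"app.example.com", "login.example.com"}


def safe_location(base_uri, target, trusted_hosts=TRUSTED_HOSTS):
    """Return an absolute URL safe to emit in a Location header, or None."""
    # Reject empty values, whitespace and control characters (CR/LF would
    # allow header injection) and backslashes, which some browsers treat
    # as '/' so that a local-looking path turns into a network-path reference.
    if not target or "\\" in target:
        return None
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return None
    # Resolve exactly as a client would: against the base URI of the response.
    resolved = urlsplit(urljoin(base_uri, target))
    if resolved.scheme not in ("http", "https"):
        return None
    # Compare the host the client will actually contact, never a substring
    # or prefix of the raw string (userinfo and look-alike suffixes fool those).
    if resolved.hostname is None or resolved.hostname not in trusted_hosts:
        return None
    # Emit the absolute form so the client has nothing left to resolve.
    return resolved.geturl()


if __name__ == "__main__":
    base = "https://app.example.com/login"
    # Constructed sample values for a "next" parameter.
    for candidate in ("/account", "settings", "//other.example/x",
                      "https://login.example.com/sso?x=1",
                      "https://app.example.com@other.example/"):
        print(f"{candidate!r:45} -> {safe_location(base, candidate)}")
```

Rejected values should fall back to a fixed default destination rather than being echoed to the client.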