Response headers

The following headers are included in Vercel deployment responses and indicate certain factors of the environment. These headers can be viewed from the Browser's Dev Tools or using an HTTP client such as curl -I <DEPLOYMENT_URL>.

Used to specify directives for caching mechanisms in both the Network layer cache and the browser cache. See the Cache Control Headers section for more detail.

If you use this header to instruct the Edge Network to cache data, such as with the s-maxage directive, Vercel returns the following cache-control header to the client:

-cache-control: public, max-age=0, must-revalidate

An integer that indicates the number of bytes in the response.

The media type that describes the nature and format of the response.

A timestamp indicating when the response was generated.

Shows where the request came from. This header can be overridden by other proxies (e.g., Cloudflare).

A header often abbreviated as HSTS that tells browsers that the resource should only be requested over HTTPS. The default value is strict-transport-security: max-age=63072000 (2 years)

Present only on:

• Preview deployments
• Outdated production deployments. When you promote a new deployment to production, the x-robots-tag header will be sent to requests for outdated production deployments

We add this header automatically with a value of noindex to prevent search engines from crawling your Preview Deployments and outdated Production Deployments, which could cause them to penalize your site for duplicate content.

You can prevent this header from being added to your Preview Deployment by:

• Assigning a production domain to it
• Disabling it manually using vercel.json

This header's value indicates whether the response was served from Vercel's edge cache.

The following values are possible when the content being served is static or uses a Cache-Control header:

The response was not found in the edge cache and was fetched from the origin server.

The response was served from the edge cache.

The response was served from the edge cache. A background request to the origin server was made to update the content. A background request to the origin was made to get a fresh version. (see Stale-While-Revalidate for more information)

The response was served from static storage. An example of prerender is in Next.js, when setting fallback:true in getStaticPaths. However, fallback:blocking will not return prerender.

The response was served from the origin server and the cache was refreshed due to an authorization from the user in the incoming request.

This header contains a list of Edge regions your request hit, as well as the region the function was executed in (for both Edge and Serverless).

It also allows Vercel to automatically prevent infinite loops.