openUTM evaluates the following header fields in an HTTP request, whereby the keywords are recognized in any upper-case notation:

• Accept
  Specifies the data type in which the HTTP client wants to receive the HTTP response.
  
  
• Accept-Charset
  Specifies the character set in which the HTTP client wants to receive the HTTP response.
  
  
• Authorization
  Specification of the authentication data.
  
  
• Connection
  Specifies whether the connection is to be held by the HTTP server.
  
  
• Content-Length
  Specifies the length of the message body.
  
  
• Content-Type
  Specifies the MIME type and, if necessary, the character set of the message body.
  
  
• Expect
  Request to the HTTP server to check the request before receiving the message body.
  
  
• Host
  Specifies the name of the HTTP server.
  
  
• Transfer-Encoding
  Specifies the data transformation used for the request.

openUTM sets the following header fields in an HTTP response.

• Cache-Control
  Specifies whether and for how long the response may be stored by the client.
  
  
• Connection
  Specifies whether the connection is terminated by the HTTP server.
  
  
• Content-Length
  Length of the message body.
  
  
• Content-Type
  Specifies the MIME type and, if necessary, the character set of the message body.
  
  
• Date
  Specifies the current date.
  
  
• Server
  Information about the UTM HTTP server
  
  
• X-Content-Type-Options
  Information on MIME sniffing.
  
  
• X-Frame-Options
  Protection against clickjacking.
  
  
• X-Xss-Protection
  Filter for cross-site scripting.

You will find detailed information on the evaluation and the setting of header fields during application running in chapter "Program interface UTM-HTTP" in the openUTM manual „Programming applications with KDCS“.