Common Request Headers

All request headers are passed as strings, but are not enclosed in quotation marks. They must be listed on separate lines, and each header included in the request signature must be followed by a newline marker (n) in the signature string.

Header Description
Authorization information required for request authentication.
Content-Length Length of the message (without the headers); required for PUTs and operations that load XML, such as logging and ACLs.
Content-Type The content type of the resource in case the request content in the body (e.g., text/plain).
Content-MD5 The base64 encoded 128-bit MD5 digest of the message (without the headers; can be used as a message integrity check to verify that the data is the same data that was originally sent.
Date Current date and time according to the requester (e.g., Tues, 14 Jun 2011 08:30:00 GMT); either the x-amz-date or the Date header must be specified in the Authorization header.

When an application uses 100-continue, it does not send the request body until it receives an acknowledgment. If the message is rejected based on the headers, the body of the message is not sent; can be used only if a body is being sent.

Valid Values: 100-continue

Host Host URI (e.g., s3.{{StorageService}}.com or {{BucketName}}.s3.{{StorageService}}.com); required for HTTP 1.1, optional for HTTP/1.0 requests.
x-amz-date The current date and time according to the requester (e.g., Wed, 01 Mar 2006 12:00:00 GMT); either the x-amz-date or the Date header must be specified in the Authorization header (If both are specified, the value specified for the x-amz-date header takes precedence).
x-amz-security-token Provide security token when using temporary security credential. When making requests using temporary security credentials obtained from IAM, a security token must be provided using this header.

Using the Date Header as an “Expires” Field

Query string authentication can be used for giving HTTP or browser access to resources that require authentication. When using query string authentication, an Expires field must be included in the header request.

Properly speaking, Expires is not a common request header but a sub-resource of the URL passed to a client. Use it in place of the Date header field when distributing a request with the query string authentication mode. The Expires field indicates the number of seconds from Unix epoch time that a request signature remains valid.