Sec-WebSocket-Accept header
BaselineWidely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
The HTTPSec-WebSocket-Acceptresponse header is used in theWebSocket openinghandshake to indicate that the server is willing to upgrade to a WebSocket connection.
This header must appear no more than once in the response, and has a directive value that is calculated from theSec-WebSocket-Key request header sent in the corresponding request.
| Header type | Response header |
|---|---|
| Forbidden request header | Yes (Sec- prefix) |
Syntax
Sec-WebSocket-Accept: <hashed key>Directives
<hashed key>If a
Sec-WebSocket-Keyheader was provided, the value of this header is computed by taking the value of the key, concatenating the string258EAFA5-E914-47DA-95CA-C5AB0DC85B11, and taking theSHA-1 hash of that concatenated string — resulting in a 20-byte value.That value is thenbase64 encoded to obtain the value of this property.
Examples
WebSocket opening handshake
The client will initiate a WebSocket handshake with a request like the following.Note that this starts as an HTTPGET request (HTTP/1.1 or later) and includes theUpgrade header indicating the intent to upgrade to a WebSocket connection.It also includesSec-WebSocket-Key, which is used in the calculation ofSec-WebSocket-Accept to confirm the intent to upgrade the connection to a WebSocket connection.
GET /chat HTTP/1.1Host: example.com:8000Upgrade: websocketConnection: UpgradeSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==Sec-WebSocket-Version: 13The response from the server should include theSec-WebSocket-Accept header with a value that is calculated from theSec-WebSocket-Key header in the request, and confirms the intent to upgrade the connection to a WebSocket connection:
HTTP/1.1 101 Switching ProtocolsUpgrade: websocketConnection: UpgradeSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=Specifications
| Specification |
|---|
| The WebSocket Protocol # section-11.3.3 |