.. _api-response-header:

API Response Header
-------------------

.. _19.3.4-PB5|EKB-9241:

The following is a header data example of an API response from an API request not using Basic Auth:

::

    Date: Tue, 28 Jun 2022 12:17:22 GMT-1s
    Content-Type: text/html; charset=utf-8
    Content-Length: 0 byte
    Connection: keep-alive
    Content-Language: en-us
    Vary: Accept-Language, Cookie
    X-Request-Id: b41b12575a97b6b16ca79451b1d5c94c7f488c0b
    X-Request-Duration: 0.021724
    Location: /login/
    X-Session-Id: hy1y3y2nj1bm3kjnypfz1w24egvd4vbi
    X-Session: {"max_age": 1800, "extendable": true, "expiry": "2022-06-28T12:47:22.346294+00:00"}
    Set-Cookie: csrftoken=MnPzYbeItKcSyyysmHWyyypz3igZ79iy; SameSite=Lax; httponly; Path=/
    Set-Cookie: sessionid=q150dg1ctpgc1sza3ktggyguo4nsbg5u; SameSite=Lax; httponly; Path=/
    Referrer-Policy: strict-origin-when-cross-origin
    Cache-Control:
    Content-Security-Policy: style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'self';
    Strict-Transport-Security: max-age=63072000
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block

* The ``Set-Cookie`` header entries with ``csrftoken`` and ``sessionid`` have
  ``SameSite=Lax;`` set to defend against Cross Site Request Forgery (CSRF) attacks.

* The ``X-Session`` header entry has the following properties:

  * ``max_age``: The number of seconds remaining for the session.
  * ``expiry``: The date at which the session will expire.
  * ``extendable``: Boolean indicating if the client can extend the length of
    the session by triggering an API request.

  This information is also available from a POST call to the following endpoint:

  ::

      POST /api/session/keep_alive/

  An example response JSON payload:

  ::

      {
          "max_age": 86296,
          "extendable": false,
          "expiry": "2015-03-18T10:24:53.059Z"
      }

  Refer to the section: Time to Live (TTL)

  .. note::

     This header is not present in responses from Basic Auth API requests.
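The following is an added example, not code from the product, showing one way a client could read the ``X-Session`` and ``Set-Cookie`` headers described above. The function names and the 300-second threshold are assumptions, and the sample headers are constructed from the example response.

```python
import json
from datetime import datetime
from http.cookies import SimpleCookie

# Constructed sample: three header lines taken from the example response above.
SAMPLE_HEADERS = [
    ("X-Session", '{"max_age": 1800, "extendable": true, '
                  '"expiry": "2022-06-28T12:47:22.346294+00:00"}'),
    ("Set-Cookie", "csrftoken=MnPzYbeItKcSyyysmHWyyypz3igZ79iy; SameSite=Lax; httponly; Path=/"),
    ("Set-Cookie", "sessionid=q150dg1ctpgc1sza3ktggyguo4nsbg5u; SameSite=Lax; httponly; Path=/"),
]

def parse_x_session(headers):
    """Return (max_age, extendable, expiry) from X-Session, or None when the
    header is absent (it is not sent on Basic Auth responses)."""
    for name, value in headers:
        if name.lower() == "x-session":
            data = json.loads(value)
            # Accept both "+00:00" and the "Z" suffix seen in the keep_alive payload.
            expiry = datetime.fromisoformat(data["expiry"].replace("Z", "+00:00"))
            return int(data["max_age"]), bool(data["extendable"]), expiry
    return None

def should_extend(headers, now, threshold=300):
    """True when the session is extendable, still valid at `now`, and has at
    most `threshold` seconds left (threshold is an assumed client policy)."""
    session = parse_x_session(headers)
    if session is None:
        return False
    _, extendable, expiry = session
    remaining = (expiry - now).total_seconds()
    return extendable and 0 < remaining <= threshold

def cookie_flags(headers):
    """Map cookie name -> (SameSite value, HttpOnly present) per Set-Cookie header."""
    flags = {}
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                flags[key] = (morsel["samesite"], bool(morsel["httponly"]))
    return flags
```

Pass a timezone-aware ``now`` (for example ``datetime.now(timezone.utc)``), since ``expiry`` carries a UTC offset.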