동향 및 공지

릴리스 노트

제품 공지

제품 소개

제품 개요

기능 개요

적용 시나리오

제품 장점

기본 개념

리전 및 액세스 도메인

규격 및 제한

제품 요금

과금 개요

과금 방식

과금 항목

프리 티어

과금 예시

청구서 보기 및 다운로드

연체 안내

FAQ

빠른 시작

콘솔 시작하기

COSBrowser 시작하기

사용자 가이드

요청 생성

버킷

객체

데이터 관리

일괄 프로세스

글로벌 가속

모니터링 및 알람

운영 센터

데이터 처리

스마트 툴 박스 사용 가이드

데이터 워크플로

애플리케이션 통합

툴 가이드

툴 개요

환경 설치 및 설정

COSBrowser 툴

COSCLI 툴

COSCMD 툴

COS Migration 툴

FTP Server 툴

Hadoop 툴

COSDistCp 툴

HDFS TO COS 툴

온라인 도구 (Onrain Dogu)

자가 진단 도구

실습 튜토리얼

개요

액세스 제어 및 권한 관리

성능 최적화

AWS S3 SDK를 사용하여 COS에 액세스하기

데이터 재해 복구 백업

도메인 관리 사례

이미지 처리 사례

COS 오디오/비디오 플레이어 사례

데이터 다이렉트 업로드

데이터 보안

데이터 검증

빅 데이터 사례

COS 비용 최적화 솔루션

3rd party 애플리케이션에서 COS 사용

마이그레이션 가이드

로컬 데이터 COS로 마이그레이션

타사 클라우드 스토리지 데이터를 COS로 마이그레이션

URL이 소스 주소인 데이터를 COS로 마이그레이션

COS 간 데이터 마이그레이션

Hadoop 파일 시스템과 COS 간 데이터 마이그레이션

데이터 레이크 스토리지

클라우드 네이티브 데이터 레이크

메타데이터 가속

데이터 레이크 가속기 GooseFS

데이터 처리

데이터 처리 개요

이미지 처리

미디어 처리

콘텐츠 조정

파일 처리

문서 미리보기

장애 처리

RequestId 가져오기

공용 네트워크로 COS에 파일 업로드 시 속도가 느린 문제

COS 액세스 시 403 에러 코드 반환

리소스 액세스 오류

POST Object 자주 발생하는 오류

보안 및 컴플라이언스

데이터 재해 복구

데이터 보안

액세스 관리

자주 묻는 질문

Common Request Headers

포커스 모드

폰트 크기

마지막 업데이트 시간: 2025-11-24 17:14:27

Description
This document introduces the common request headers used when you use APIs. The headers mentioned in the following text will not be reiterated in subsequent specific API documentation.
List of Request Headers
Header Name
﻿
Description
﻿
Type
﻿
Mandatory
﻿
Authorization
Signature information that carries authentication information to verify the legitimacy of the request.
For public read objects, you do not need to carry this header. If you transmit the authentication information through request parameters, you do not need to carry this header. For details, see Request Signature.
string
Yes
For public read objects or authentication information transmitted through request parameters, this header is optional.
Content-Length
Content length of an HTTP request defined in RFC 2616, which is measured in bytes.
integer
For PUT and POST requests (excluding PUT Object requests specifying the Transfer-Encoding request header), this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-Type
HTTP request content type (MIME) defined in RFC 2616， such as application/xml or image/jpeg.
string
For PUT and POST requests that contain a request body, this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-MD5
Base64 encoding format of the 16-byte binary MD5 hash value of the request body content defined in RFC 1864, which is used for integrity checks to verify whether the request body has undergone changes during transmission. The final value length should be 24 characters. Ensure that the correct methods and parameters are used when writing code. For instance, ZzD3iDJdrMAAb00lgLLeig==.
string
For PUT and POST requests that have a request body (excluding POST Object), this header is mandatory.
For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Date
Current time in GMT format defined in RFC 1123, for instance, Wed, 29 May 2019 04:10:12 GMT.
string
No
Host
Requested host, formatted as <BucketName-APPID>.cos.<Region>.myqcloud.com.
string
Yes
x-cos-security-token
Security token field required when the temporary security credentials are used. For details, refer to the instructions related to temporary security credentials.
string
No
When temporary keys are used and authentication information are carried via Authorization, this header is mandatory.
Dedicated Headers for SSE
For interfaces that support server-side encryption (SSE), the following request headers are applicable based on different encryption methods. Refer to the specific interface documentation to determine the applicability of SSE. The necessity of the following headers is only for scenarios that use SSE. If the request does not support SSE interfaces or does not use SSE, there is no need to carry the following headers. For more details, refer to the SSE overview.
SSE-COS
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption
SSE algorithm, which is specified as AES256 when SSE-COS is used.
string
When uploading or duplicating objects (including simple uploading/duplication and multipart uploading/duplication), carrying this header will employ SSE-COS encryption. If this header is not carried, encryption will be implemented based on the bucket encryption configuration.  This header cannot be specified when you download objects.
SSE-KMS
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption
SSE algorithm, which is specified as cos/kms when SSE-KMS is used.
﻿
string
When uploading or duplicating objects (including simple uploading/duplication and multipart uploading/duplication), carrying this header will employ SSE-KMS encryption. If this header is not carried, encryption will be implemented based on the bucket encryption configuration. This header cannot be specified when you download objects.
x-cos-server-side-encryption-cos-kms-key-id
When the value of x-cos-server-side-encryption is cos/kms, this header is used to designate the user primary key CMK of KMS. If this header is not specified, the default CMK created by COS is used. For more details, refer to SSE-KMS Encryption.
﻿
string
No
x-cos-server-side-encryption-context
When the value of x-cos-server-side-encryption is cos/kms, this header is used to specify the encryption context. The value is the Base64 encoding of the JSON formatted encryption context key-value pair. For instance, eyJhIjoiYXNkZmEiLCJiIjoiMTIzMzIxIn0=.
string
No
SSE-C
Header Name
Description
Type
Mandatory
x-cos-server-side-encryption-customer-algorithm
SSE algorithm. Currently only AES256 is supported.
﻿
string
Yes
x-cos-server-side-encryption-customer-key
Base64 encoding of the SSE key. For instance, MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=.
string
Yes
x-cos-server-side-encryption-customer-key-MD5
MD5 hash value of the SSE key, which is encoded in Base64. For instance, U5L61r7jcwdNvT7frmUG8g==.
string
Yes
Dedicated Headers for Object Lock
For interfaces that support object lock, the following object lock headers can be used for lock adding during the object uploading process. The necessity of the following headers is only applicable to scenarios using the object lock function. For more details, refer to Object Lock Overview.
Header Name
Description
Type
Mandatory
x-cos-object-lock-retain-until-date
Sets the object lock period, which is a timestamp used for setting the specific retention period. The value is represented in accordance with the ISO8601 standard and requires the use of the UTC time. For instance, 2022-02-17T10:30:09.000Z.
string
Yes
x-cos-object-lock-mode
Sets the object lock mode. The COMPLIANCE mode is supported.
string
Yes
﻿

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Cloud Object Storage

Common Request Headers

Description

List of Request Headers

Dedicated Headers for SSE

SSE-COS

SSE-KMS

SSE-C

Dedicated Headers for Object Lock

도움말 및 지원

Header Name	Description	Type	Mandatory
Authorization	Signature information that carries authentication information to verify the legitimacy of the request. For public read objects, you do not need to carry this header. If you transmit the authentication information through request parameters, you do not need to carry this header. For details, see Request Signature.	string	Yes For public read objects or authentication information transmitted through request parameters, this header is optional.
Content-Length	Content length of an HTTP request defined in RFC 2616, which is measured in bytes.	integer	For PUT and POST requests (excluding PUT Object requests specifying the Transfer-Encoding request header), this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-Type	HTTP request content type (MIME) defined in RFC 2616， such as application/xml or image/jpeg.	string	For PUT and POST requests that contain a request body, this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Content-MD5	Base64 encoding format of the 16-byte binary MD5 hash value of the request body content defined in RFC 1864, which is used for integrity checks to verify whether the request body has undergone changes during transmission. The final value length should be 24 characters. Ensure that the correct methods and parameters are used when writing code. For instance, ZzD3iDJdrMAAb00lgLLeig==.	string	For PUT and POST requests that have a request body (excluding POST Object), this header is mandatory. For GET, HEAD, DELETE, and OPTIONS requests, this header cannot be specified.
Date	Current time in GMT format defined in RFC 1123, for instance, Wed, 29 May 2019 04:10:12 GMT.	string	No
Host	Requested host, formatted as <BucketName-APPID>.cos.<Region>.myqcloud.com.	string	Yes
x-cos-security-token	Security token field required when the temporary security credentials are used. For details, refer to the instructions related to temporary security credentials.	string	No When temporary keys are used and authentication information are carried via Authorization, this header is mandatory.