ContextQMD
Back to Content

Sec-Private-State-Token-Lifetime header

files/en-us/web/http/reference/headers/sec-private-state-token-lifetime/index.md

latest1.6 KB
Original Source

{{SeeCompatTable}}

The HTTP Sec-Private-State-Token-Lifetime {{Glossary("Response Header")}} is used by the Private State Token API during token redemption. It is sent by the redeemer server to indicate to the browser how long (in seconds) a redemption record should be cached for. The redemption record itself is sent in a {{httpheader("Sec-Private-State-Token")}} response header.

If the Sec-Private-State-Token-Lifetime header is omitted, the lifetime of the redemption record will be tied to the lifetime of the token verification key that confirmed the redeemed token's issuance.

<table class="properties"> <tbody> <tr> <th scope="row">Header type</th> <td>{{Glossary("Response Header")}}</td> </tr> <tr> <th scope="row"> {{Glossary("CORS-safelisted request header")}} </th> <td>No</td> </tr> </tbody> </table>

Syntax

http
Sec-Private-State-Token-Lifetime: <integer>

Servers should ignore this header if it contains any other value.

Directives

  • <integer>
    • : An integer specifying the lifetime of the sent redemption record in seconds.

Examples

http
Sec-Private-State-Token-Lifetime: 604800

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also

  • {{httpheader("Sec-Private-State-Token")}}
  • {{httpheader("Sec-Private-State-Token-Crypto-Version")}}
  • {{httpheader("Sec-Redemption-Record")}}
  • Private State Token API