The Sec-WebSocket-Accept header is used in the websocket opening handshake. It would appear in the response headers. That is, this is header is sent from server to client to inform that server is willing to initiate a websocket connection.

Header type Response header
Forbidden header name no


Sec-WebSocket-Accept: <hashed key>


<hashed key>

The server takes the value of the Sec-WebSocket-Key sent in the handshake request, appends 258EAFA5-E914-47DA-95CA-C5AB0DC85B11, takes SHA-1 of the new value, and is then base64 encoded.


Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=


No specification found

No specification data found for http.headers.Sec-WebSocket-Accept.
Check for problems with this page or contribute a missing spec_url to mdn/browser-compat-data. Also make sure the specification is included in w3c/browser-specs.

See also

Browser compatibility

BCD tables only load in the browser