Zero Signup ToolsFree browser tools

Developer Tools

Content-Disposition Header Builder

Build and parse the Content-Disposition response header. attachment, inline, form-data, and RFC 5987 UTF-8 filename* encoding for non-ASCII downloads.

Presets

Tap a preset to load a common pattern.

Disposition

attachment triggers a Save As dialog or a direct download.

inline asks the browser to render the body in the tab (PDFs, images, plain text).

form-data is for multipart request bodies (file upload fields), not for HTTP responses.

Non-ASCII characters are percent-encoded into filename*=UTF-8 per RFC 5987.

UTF-8 fallback

When the filename contains non-ASCII bytes, modern browsers use filename*, but older clients still read filename=. Emitting both is the safe default.

Advanced (RFC 2183 informational params)

These RFC 2183 parameters are informational. Browsers ignore them on HTTP responses; mail clients and a few download managers honour them.

Generated header

Content-Disposition: attachment; filename="Resume 2026.pdf"

What the client downloads

Modern browsers (Chrome, Firefox, Safari, Edge) save the file as Resume 2026.pdf. Older clients fall back to Resume 2026.pdf.

Server snippets

Drop into your server config or framework. Customize the path matcher to fit your routing.

Raw header

Content-Disposition: attachment; filename="Resume 2026.pdf"

Apache (.htaccess / VirtualHost)

<IfModule mod_headers.c>
  Header set Content-Disposition "attachment; filename=\"Resume 2026.pdf\""
</IfModule>

Nginx

add_header Content-Disposition "attachment; filename=\"Resume 2026.pdf\"" always;

Vercel (vercel.json)

{
  "headers": [
    {
      "source": "/downloads/(.*)",
      "headers": [
        {
          "key": "Content-Disposition",
          "value": "attachment; filename=\"Resume 2026.pdf\""
        }
      ]
    }
  ]
}

Netlify (_headers)

/downloads/*
  Content-Disposition: attachment; filename="Resume 2026.pdf"

Cloudflare Worker

const response = await fetch(request);
const headers = new Headers(response.headers);
headers.set("Content-Disposition", "attachment; filename=\"Resume 2026.pdf\"");
return new Response(response.body, { status: response.status, headers });

Express.js

app.get("/downloads/:file", (req, res) => {
  res.setHeader("Content-Disposition", "attachment; filename=\"Resume 2026.pdf\"");
  res.sendFile(filePath);
});

Next.js route handler

export async function GET() {
  return new Response(body, {
    headers: {
      "Content-Disposition": "attachment; filename=\"Resume 2026.pdf\"",
    },
  });
}

Python (Flask)

from flask import Response

@app.get("/download")
def download():
    return Response(
        payload,
        headers={"Content-Disposition": "attachment; filename=\"Resume 2026.pdf\""},
    )

Quick reference

attachment vs inline

attachment downloads the file. inline asks the browser to render it (PDFs, images, plain text).

filename vs filename*

filename is an ASCII-only quoted string. filename* (RFC 5987) carries UTF-8 via percent-encoding.

Which one wins

When both are present, RFC 6266 Section 4.3 says the client uses filename* and ignores filename.

form-data

Used in multipart/form-data request bodies. Requires name= for the field; filename= names the upload.

Path separators

Browsers strip path components and use the basename only. Send the basename to be explicit.

RFC 2183 params

size, creation-date, modification-date, and read-date are informational. HTTP responses to browsers ignore them.

How to use

  1. Pick a preset (PDF download, UTF-8 filename, Inline image preview, ZIP archive, Multipart form-data field, CJK filename) or start with the default attachment.
  2. Type the filename a user should see when they save the file. Non-ASCII characters trigger the RFC 5987 filename*=UTF-8 encoding automatically.
  3. Keep Emit ASCII fallback on so older clients still get a usable filename. Override the transliterated fallback if you want a specific ASCII form.
  4. Copy the header value at the top of the Output section, or grab a server snippet (Apache, Nginx, Vercel, Netlify, Cloudflare Worker, Next.js, Express, Flask) to drop into your config.
  5. Switch to Parse and explain and paste any Content-Disposition value to see the disposition type, the parsed parameters, the decoded UTF-8 filename, and the name a modern browser will actually use.

About this tool

Content-Disposition Header Builder turns a disposition type and a filename into the exact response header browsers, download managers, mail clients, and proxies look at when deciding whether to render a body inline or save it to disk, and what to name the saved file. The builder covers the three disposition types in active use: attachment for forced downloads (RFC 6266 for HTTP), inline for in-tab rendering of PDFs and images, and form-data for the file-upload parts of multipart request bodies (RFC 7578). The hard part of this header is filenames that contain anything outside the strict 7-bit ASCII range. RFC 6266 inherits the HTTP quoted-string token shape from RFC 7230, which has no defined encoding above 0x7F; in practice Chrome guesses UTF-8, Safari guesses Latin-1, and a filename like Résumé.pdf can save as Résumé.pdf or worse. The fix is RFC 5987 ext-value: a parameter named filename* whose value is the charset, an empty language tag, and the UTF-8 bytes of the filename percent-encoded byte by byte. This tool runs that encoding automatically for any character outside the attr-char set (ALPHA / DIGIT / ! # $ & + - . ^ _ ` | ~), produces a transliterated ASCII fallback for the legacy filename= token, and emits both so modern browsers pick the Unicode version while older clients still get a usable name. The parser mode accepts any Content-Disposition value the server is already returning (with or without the Content-Disposition: prefix, on one or many folded lines), correctly handles semicolons inside quoted strings and backslash escapes, decodes filename* back to the original Unicode, flags charsets other than UTF-8, surfaces the conflicts that quietly break downloads in production (filename* with a broken percent escape, repeated parameters, form-data without name=, path separators in the filename, mismatched filename and filename*), and shows which name a modern browser will actually use per RFC 6266 Section 4.3. The output ships ready-to-paste snippets for Apache, Nginx, Vercel, Netlify, Cloudflare Workers, Next.js route handlers, Express, and Python Flask, with the value safely quoted for each context. Useful for backend engineers building file-download endpoints, SaaS teams sending export filenames in customer languages, anyone debugging a strange filename appearing in the Save As dialog, and writers translating between the header and the way browsers actually behave. Everything runs in your browser; the disposition type, filename, and any pasted header values never leave your device.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Developer

Cache-Control Header Builder

Build and parse Cache-Control headers with directive flags, max-age presets, conflict checks, and ready-to-paste server snippets.

Open tool

Developer

CORS Headers Generator

Build Access-Control headers with live validation and Apache, Nginx, Vercel, Netlify, Next.js, Worker, and Express snippets.

Open tool

Developer

HTTP Link Header Builder

Build RFC 8288 Link headers with preload, canonical, hreflang, and parse existing values.

Open tool

Developer

CSP Header Generator

Visual builder for the Content-Security-Policy HTTP header.

Open tool

Developer

Authorization Header Generator

Build Basic, Bearer, and custom Authorization headers with copy-paste request snippets.

Open tool

Developer

MIME Type Lookup

Find the MIME type for any extension, with Content-Type header and aliases.

Open tool

All toolsDeveloper Tools