Content-Disposition
The HTTP Content-Disposition header is used to instruct the client as to how the information is displayed in a regular or multipart HTTP response.
Usage
In a standard HTTP response, the Content-Disposition header dictates whether the content is displayed in the browser or, instead, made available as an attachment to be downloaded to local storage.
When the HTTP response has a body of type multipart/form-data, this HTTP header is required to provide information about the subpart that it pertains to. The subpart is delimited by the boundary that is defined in the HTTP Content-Type header. The Content-Disposition does not affect the body of the HTTP response.
Standard Response
The parameters for a regular HTTP response are inline, attachment, and filename. Multiple directives are delimited by a semicolon.
Content-Disposition: inline
The inline directive will direct the client’s browser to display the content as a web page, or as part of a web page.
Content-Disposition: attachment
Content-Disposition: attachment; filename="document.doc"
These are two examples of this HTTP header that will, in many implementations, present the user with an option to save the attachment to local storage. In the second example, the filename "document.doc" will be the default filename in a "Save as…" dialog.
Multipart Response Body
In a multipart body, where the HTTP Content-Disposition header is responsible for providing information about each subpart, the directives are form-data, name, filename, and filename*. The form-data directive is first and the name directive is required to identify the field in question. Multiple directives are delimited by a semicolon.
Content-Disposition: form-data; name="<field-name>"
When the response contains multiple files in the same field, it is possible to have several subparts with the same name. This can happen, for example, with the multiple attribute on an input form.
If the name directive has a value of _CHARSET_ then it is not part of the HTML field. Rather, it is the default character set that is to be used for parts where one is not explicitly defined.
The filename and filename* directives are identical except that filename* uses the encoding specified in RFC 8187. If both directives are present in the header then the filename* is given priority.
Takeaway
The HTTP Content-Disposition header directs the client in terms of whether the HTTP response is displayed in the browser or saved in local storage. For multipart/form-data, it provides the necessary information about the sub-parts of the message.