Sec-WebSocket-Extensions
The HTTP Sec-WebSocket-Extensions request and response header negotiates WebSocket protocol extensions between the client and server during the protocol upgrade handshake.
Baseline: Widely available
Supported across all major browsers. webstatus.dev
Usage
The Sec-WebSocket-Extensions header operates in both directions during the WebSocket upgrade. The client sends this header listing the extensions the client supports and is willing to use. The server responds with the subset of extensions agreed upon for the connection.
Extensions modify how WebSocket frames are processed. The most widely
deployed extension is permessage-deflate, which applies
Compression to message payloads. Other extensions control frame
fragmentation, multiplexing, or custom framing semantics. Each extension
has parameters controlling behavior.
The client proposes extensions with parameters. The server selects from the offered list, responding with the same extension names and agreed parameters. Only extensions confirmed in the server response become active. If the server omits Sec-WebSocket-Extensions entirely, the connection proceeds without any extensions.
Extensions operate independently unless the specification defines interactions. Multiple extensions process frames in the order listed in the server response header.
Directives
permessage-deflate
The permessage-deflate extension applies DEFLATE Compression to each
WebSocket message. Parameters control compression windows and context
takeover. This reduces bandwidth for text-heavy protocols like chat,
notifications, and real-time updates.
Other extensions
Extension names are registered with IANA. The
x-webkit-deflate-frame extension is an obsolete
WebKit-specific predecessor to permessage-deflate
and is no longer used in modern browsers. Custom
application extensions define their own parameter
syntax and semantics.
Example
A browser requests WebSocket Secure connection support for
compression. The client proposes permessage-deflate with parameters for
window size and context handling.
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
The server confirms activation of compression with agreed parameters.
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Extensions: permessage-deflate
Takeaway
The Sec-WebSocket-Extensions header enables negotiation of WebSocket protocol extensions, with the client proposing capabilities and the server confirming which extensions will be active for the connection.
See also
- RFC 6455: The WebSocket Protocol
- RFC 7692: Compression Extensions for WebSocket
- Sec-WebSocket-Accept
- Sec-WebSocket-Key
- Sec-WebSocket-Protocol
- Sec-WebSocket-Version
- Compression
- Ws
- Wss
- Protocol-Upgrade
- HTTP headers