X-DNS-Prefetch-Control
Response header Security

Overview

X-DNS-Prefetch-Control turns on or off the browser's 'DNS prefetching' — resolving the domain names of links and resources in the document before the user clicks. The server controls the trade-off between performance (lower perceived latency) and privacy (pre-emptive lookups leaking intent).

Details

DNS prefetching resolves the hostnames of a page's anchors and resources in the background so that the DNS round trip is already done when the user actually navigates or loads them, improving perceived speed. Most browsers enable it by default. on explicitly permits this, or nudges prefetching that is disabled by default on HTTPS pages.

off disables prefetching, for two reasons. Privacy: every external domain in the page is pre-emptively exposed to DNS servers and network observers even though the user never clicked (e.g. email webviews, sensitive documents). Cost: on pages with very many links, unnecessary lookups can waste resources.

For finer per-page control you can use the <meta http-equiv="x-dns-prefetch-control"> tag instead of this header, or pair it with <link rel="dns-prefetch" href="//host"> to pre-resolve specific domains. Security header sets conventionally include off to reduce pre-emptive exposure.

Syntax

X-DNS-Prefetch-Control: <on | off>

e.g. X-DNS-Prefetch-Control: off

Directives / values

onEnables the browser's DNS prefetching (resolving link domains in the document ahead of time).
offDisables DNS prefetching for privacy and to avoid unnecessary lookups.

Notes

Related headers

Related status codes

Specification