These response header fields are recommended by Mark Nottingham on an SO question:
It depends on the specifics of the response, but generally, a response from an origin server should have:
and either Content-Length, Transfer-Encoding or Connection: close.
If you want to do caching, add Cache-Control (e.g., with max-age); Expires isn't generally necessary any more. If you want clients to be able to validate, add Last-Modified or ETag.
These response header fields are recommended by Mark Nottingham on an SO question: