stdin
) and sends messages
to its standard output (stdout
).stderr
) for logging
purposes. Clients MAY capture, forward, or ignore this logging.stdout
that is not a valid MCP message.stdin
that is not a valid MCP
message.https://example.com/mcp
.
Origin
header on all incoming connections to prevent DNS rebinding attacksAccept
header, listing both application/json
and
text/event-stream
as supported content types.id
.Content-Type: text/event-stream
, to initiate an SSE stream, or
Content-Type: application/json
, to return one JSON object. The client MUST
support both these cases.CancelledNotification
.Accept
header, listing text/event-stream
as a
supported content type.Content-Type: text/event-stream
in response to
this HTTP GET, or else return HTTP 405 Method Not Allowed, indicating that the server
does not offer an SSE stream at this endpoint.id
field to their SSE events, as described in the
SSE standard.
Last-Event-ID
header to indicate the last event ID it received.
Mcp-Session-Id
header on the HTTP
response containing the InitializeResult
.
Mcp-Session-Id
is returned by the server during initialization, clients using
the Streamable HTTP transport MUST include it in the Mcp-Session-Id
header on
all of their subsequent HTTP requests.
Mcp-Session-Id
header (other than initialization) with HTTP 400 Bad Request.Mcp-Session-Id
, it MUST start a new session by sending a new InitializeRequest
without a session ID attached.Mcp-Session-Id
header, to explicitly terminate the session.
MCP-Protocol-Version: <protocol-version>
HTTP header on all subsequent requests to the MCP
server, allowing the MCP server to respond based on the MCP protocol version.
For example: MCP-Protocol-Version: 2025-06-18
The protocol version sent by the client SHOULD be the one negotiated during
initialization.
For backwards compatibility, if the server does not receive an MCP-Protocol-Version
header, and has no other way to identify the version - for example, by relying on the
protocol version negotiated during initialization - the server SHOULD assume protocol
version 2025-03-26
.
If the server receives a request with an invalid or unsupported
MCP-Protocol-Version
, it MUST respond with 400 Bad Request
.
InitializeRequest
to the server URL, with an Accept
header as
defined above:
endpoint
event as the first event.endpoint
event arrives, the client can assume this is a server running
the old HTTP+SSE transport, and should use that transport for all subsequent
communication.