HTTP Headers Explained

HTTP Request and Response objects consist of body and header. While the body in the Response holds the data message (HTML, JSON) or form fields in the Request, the headers let the client and the server to pass essential information about each other.

Headers can be grouped into four categories by their context:

• General headers contain information that is relevant for both request and Response, but no information about the data in a body
• Request headers hold information about the client and requested resource
• Response headers include server details, like time, location, configuration
• Entity header informs browser about the type and body of the resource

Let’s inspect more in details. Go to the webpage www.example.com, open the console > Network tab, and select the document to inspect headers. You will likely see the headers divided into General, Request, and Response.

The first, General group consist of the following information:

• Request URL: https://www.example.com
  The address of the Request and Response

• Request Method: GET
  A method that is used for the operation, like GET, POST, PUT or DELETE

• Status Code: 200 OK
  One of the most critical information that tells the status of the request/response. The different code number says what happened, did the operation succeeded or failed. Status codes are grouped:
  1xx - Informational; the request is processing
  2xx - Success; received, accepted, created
  3xx - Redirect; actions needed, moved to a new location
  4xx - Client Error; bad request, unauthorized or not found
  5xx - Server Error; server failed to fulfill the request, internal server error

• Remote Address: 93.184.216.34:80
  The IP address of the server

Another group is Request Headers includes following properties:

• Accept: text/html
  Informs the server, what data types can be accepted, describes the content format. For example:
  audio/ogg indicates an audio file
  image/png - an image file
  text/html - HTML file
  application/json - data in the JSON format

• Accept-Encoding: gzip, deflate
  An algorithm, such as compression that is used on the recourse sent back.

• Accept-Language: en-US,en
  Hints the server about the expected language

• Connection: keep-alive
  Controls how long connection should stay open

• Host: example.com
  The domain name of the server

• User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
  Lets server to identify the characteristics of the application, OS, vendor, and versions

Some of the important and common Request Header properties were not included from the domain example.com, but they should be mentioned:

• Cookie: 'cookie-list'
  Contains stored piece of information, previously sent by the server. For example: Cookie: name=value; name2=value2; name3=value3

• Authorization: 'type' 'credentials'
  Includes credentials to authenticate a user with a server. The two most used types are Basic, for base64-encoded credentials, and Bearer for access tokens.

• Referer: 'url'
  Contains the address of the previous page, from which the user was linked to the current page

The last group is Response Headers includes:

• Age: 270773
  Time in seconds how long the object was in the proxy cache

• Cache-Control: max-age=604800
  Set the instruction for caching. Other setting types: no-cache, no-store, no-transform

• Content-Encoding: gzip
  Specifies the compression algorithm used for the response body

• Content-Length: 648
  The size of the recourse in bytes

• Content-Type: text/html; charset=UTF-8
  The resource type received. The current type is an HTML document.

• Date: Sun, 12 Apr 2020 16:49:25 GMT
  The time when the message was created

• Expires: Sun, 19 Apr 2020 16:49:25 GMT
  Sets the date when the relevant content will no longer be new/fresh

• Server: ECS (nyb/1D2C)
  Specifies the software used by the server at the time of the sent Response

• X-Cache: HIT
  It means that the request was sent not from the origin servers, but from an exclusive network (CDN), designed to cache content, so the user could get Response faster

• Set-Cookie: 'cookie-name=cookie-value'
  Sent cookies from the server to the user-agent. May include other cookie settings, such as expiration date, max-age, domain, security. For example: Set-Cookie: id=qwerty123; Expires=Wed, 13 Apr 2020 07:00:00 GMT

Summing up

The Request and Response headers carry and define transaction information about the user agent, server and data. These headers in the example were the more common ones, there are a lot more of them. The complete list can be found here.