1.4. HTTP Headers: Request and Response


Categories of headers

HTTP headers are pieces of information exchanged between a web browser and a web server within the framework of the Hypertext Transfer Protocol (HTTP). They contain metadata about a request or response, such as content type, encoding, content length, date, time, and more.

HTTP headers are attached to a request or response as lines of text. Each line begins with the header name, followed by a colon and a space, and then the header value. For example:

Content-Type: text/html
Content-Length: 1024
Date: Mon, 13 Mar 2023 20:34:56 GMT

HTTP headers can be categorized as follows:

  1. General Headers - applicable to any type of message. For instance, the "Connection" header specifies whether the connection should be closed after transmitting the message.
  2. Request Headers - headers sent by the client in a request to the server. For example, the "User-Agent" header indicates the browser used by the client.
  3. Response Headers - headers sent by the server in response to a client's request. For instance, the "Content-Type" header specifies the type of content to be delivered to the client.
  4. Extension Headers - non-standard headers added by developers to address specific tasks.

In turn, request and response headers are subdivided into the following subcategories:

  • Caching Headers - boost website performance by caching rarely changing data (media files, documents, CSS page styles) as local copies on end devices or proxy servers. This way, the server doesn't need to transmit all the data, just a small portion, saving bandwidth and loading pages faster. We will delve into the caching mechanism in detail in one of the upcoming articles.
  • Security Headers - encompass a wide array of headers offering mechanisms for user authentication and protection against hacking attacks. We'll also examine them closely in one of the upcoming lessons.
  • Proxy Server Headers - they are not numerous and are used to interact with proxy servers, which are widely employed nowadays.

Let's examine some headers using simple examples.


Request Headers

Description of HTTP Request headers

The headers in this request mean the following:

  1. The request was directed to the server with the name website.com (Host: website.com). This header is particularly important when multiple different websites are hosted on one server, and all are accessible through the same address and port. Thanks to the Host header, the web server knows which site the request is intended for.
  2. The client sending the request informs the server that it can accept and process data only in one of the specified formats, namely HTML or XML pages, WEBP images, and PDF files.
  3. Furthermore, the request to the website was made from the site https://eshop.com, indicating that there was a link to website.com on this site and the user clicked on it. By the way, the Referer header is used by advertising and marketing agencies to track user activity.
  4. Keep the connection active after transmitting data (Connection: keep-alive).
  5. The User-Agent provides information about the browser type, its version, and the operating system. In this case, the request was made from a Chrome browser version 110 installed on a 64-bit Windows system.

Below are a few more examples of User-Agents for different types of browsers:

Examples of different Browser User Agents


Response headers

Description of HTTP Response headers

The headers in this response mean the following:

  1. The server provided the client with an HTML page encoded in UTF-8.
  2. Apache version 2.4.1 is used as the web server (the Server header). This header doesn't affect the operation of browsers and other clients, and because it discloses the server software and its version, it's recommended to turn it off for security reasons.
  3. To remember the client/user, the server generated a unique session identifier, which is passed through cookies. When the browser receives cookies from the server, it sends them back to the server with all subsequent requests. This way, the server will know and "remember" the user. We will delve into how sessions work in more detail in one of the upcoming lessons.
  4. The server informs that the transmitted data can be cached for up to 36000 seconds (Cache-Control: max-age=36000). After this period, the browser will remove the cached data.
  5. Since the server sent an HTML page in the response body, it also indicates the length of the transmitted data in bytes, in our case, 4543 bytes.
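
As an added example (not part of the original lesson), the Python sketch below parses a response head in the "name: value" format described earlier and reports the points from the list above: a Server header that discloses a version, and the cache lifetime. The sample response, the SESSIONID cookie name and the function names are constructed for illustration.

```python
import re

# Constructed sample: a response head carrying the values described in the list above.
SAMPLE_RESPONSE_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Server: Apache/2.4.1\r\n"
    "Set-Cookie: SESSIONID=constructed-example-value\r\n"
    "Cache-Control: max-age=36000\r\n"
    "Content-Length: 4543\r\n"
    "\r\n"
)


def parse_headers(head):
    """Split a raw message head into (start_line, {lowercased name: [values]})."""
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:              # the blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Names are case-insensitive, and a name may repeat (e.g. Set-Cookie).
        headers.setdefault(name.lower(), []).append(value.strip())
    return lines[0], headers


def audit_response(headers):
    """Return findings for the response headers discussed in this lesson."""
    findings = []
    for server in headers.get("server", []):
        if re.search(r"/\d", server):   # product/version token such as Apache/2.4.1
            findings.append(f"Server header discloses a version: {server}")
    for cc in headers.get("cache-control", []):
        m = re.search(r"max-age=(\d+)", cc)
        if m:
            findings.append(f"cacheable for {int(m.group(1))} seconds")
    for length in headers.get("content-length", []):
        if not length.isdigit():
            findings.append(f"invalid Content-Length: {length!r}")
    return findings


if __name__ == "__main__":
    _, parsed = parse_headers(SAMPLE_RESPONSE_HEAD)
    for finding in audit_response(parsed):
        print("-", finding)
```

A header line with whitespace before the colon, or with no colon at all, is rejected rather than guessed at, since lenient parsing of malformed header lines is a common source of disagreement between servers and proxies.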

These are not all the headers, but I hope you have a general understanding of what they represent and how they work. In the subsequent lessons, we will continue to study headers.