HTTP Headers: Extra pieces of Information
What are HTTP headers?
When making requests, headers are extra pieces of information you can provide to the web server, such as the type of content being sent, the length of the content, the language of the content, and other important details.
Do HTTP headers consist of a name-value pair?
Yes, HTTP headers consist of a name-value pair, where a colon separates the name and value. The name identifies the specific header being sent, such as "Content-Type" or "Authorization". The value provides additional information about that header, such as the MIME type of content or the authentication credentials being used. Multiple headers can be sent in a single HTTP request or response, with each header consisting of a separate name-value pair.
HTTP headers are divided into four categories.
Request headers: Client to Server
Response headers: Server to Client
Representation headers: Information about the body of the resource
Payload headers: Information about the payload data
Request headers
Request headers are used to provide additional information about a client’s request to a server.
Here are some common examples of request headers.
Accept
This header is used when a client wants to inform the server about the type of data that the client can understand.
ex: [Accept: image/png]
Authorization
This header is used to send credentials, such as a username and password, to the server for authentication.
ex: [Authorization: Basic TWFkdXNoYW46Rm9sbG93IU15TWVkaXVt]
In this example, the value of the Authorization header is a base64-encoded string that contains the username and password, separated by a colon. Base64 is an encoding, not encryption, so anyone who can see the header can recover the credentials. Decoding that string is an interesting exercise!
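The Basic scheme described above, shown from both sides as an added example (not code from the original article): the client builds the header value and the server decodes it. The function names are hypothetical; the first sample value is the one from the article and the second is constructed.

```python
import base64
import binascii


def build_basic_authorization(username, password):
    """Client side: build the value of a Basic Authorization header."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_authorization(value):
    """Server side: return (username, password), or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None  # Bearer, Digest, ... are not handled here
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, colon, password = text.partition(":")
    return (username, password) if colon else None


if __name__ == "__main__":
    # Header value taken from the article's Authorization example.
    print(decode_basic_authorization("Basic TWFkdXNoYW46Rm9sbG93IU15TWVkaXVt"))
    # Constructed sample: a password containing a colon survives the round trip.
    print(decode_basic_authorization(build_basic_authorization("alice", "pa:ss")))
```

No key is involved at any step, which is why a Basic Authorization header is only as confidential as the connection that carries it.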
Accept-Language
This header tells the server which language the client prefers for the response.
ex: [Accept-Language: en-US,en;q=0.9,fr;q=0.8,es;q=0.7]
User-Agent
This header provides information about the client software, including the operating system and browser being used.
Accept-Encoding
This header is usually attached to a request, telling the server which content encodings (compression methods) the client can understand.
Response headers
Response headers are used to provide additional information about a server’s responses to the client.
Here are some common examples of response headers.
Cache-Control
The cache-control response header is used to specify directives for caching mechanisms in both requests and responses. It is a standard HTTP header that allows the server to control how the response should be cached, and how long it should be cached for.
The Cache-Control header can have several directives, including:
- max-age: Specifies the maximum time (in seconds) that the response can be cached by the client.
- no-cache: Instructs the client to revalidate the response with the server before using it.
- no-store: Instructs the client not to store any part of the response.
- must-revalidate: Requires the client to revalidate the response with the server on every request.
- public: Allows the response to be cached by any cache, including intermediate caches.
- private: Allows the response to be cached by the client only.
- no-transform: Instructs intermediaries not to modify the response content.
The Cache-Control header is an essential tool for optimizing the performance and reliability of web applications. By using appropriate caching directives, developers can ensure that responses are delivered quickly and reliably, while also ensuring that sensitive or dynamic content is not cached improperly.
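One way to check that sensitive content is not cached improperly, as an added example (not code from the original article): it parses a Cache-Control value into its directives and reports what would let a sensitive response be stored or reused. The function names and the policy (a sensitive response should carry no-store, or at least private with revalidation) are assumptions of this example.

```python
def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, sep, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def audit_sensitive_response(cache_control):
    """Return a list of findings for a response that carries sensitive data."""
    d = parse_cache_control(cache_control or "")
    if "no-store" in d:
        return []  # nothing may be stored, so nothing can leak from a cache
    findings = []
    if "public" in d:
        findings.append("public: intermediate caches may store the response")
    elif "private" not in d:
        findings.append("neither private nor no-store: shared caches are not excluded")
    max_age = d.get("max-age")
    if max_age and max_age.isdigit() and int(max_age) > 0 and "no-cache" not in d:
        findings.append(f"max-age={max_age}: reusable for {max_age}s without revalidation")
    return findings


if __name__ == "__main__":
    # Constructed sample header values.
    for sample in ("public, max-age=3600", "private, max-age=600",
                   "private, no-cache", "no-store", ""):
        print(repr(sample), "->", audit_sensitive_response(sample))
```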
Content-Type
ex: [Content-Type: application/json]
This header indicates that the response body contains JSON data.
Server
ex: [Server: Apache/2.4.41 (Ubuntu)]
This header indicates the server software and version being used to generate the response.
Representation headers
In HTTP responses, representation headers are used to inform the client about the representation of a resource being delivered. A representation header can be used to describe the format, encoding, language, or version of the resource, among other things.
Payload headers
Payload headers refer to the part of a data packet that contains information about the actual data being transmitted. The header typically includes information such as the source and destination IP addresses, the protocol being used (e.g. TCP, UDP), and other control information. In the case of HTTP (Hypertext Transfer Protocol), the payload header contains information such as the request method (e.g. GET, POST), the URI (Uniform Resource Identifier) of the requested resource, and other metadata related to the request or response.
Overall, the payload header is an essential component of data transmission as it provides the necessary information for the network to correctly route and process the data.
Next: HTTP Security Headers
HTTP security headers are a set of HTTP response headers that can be used to enhance the security of web applications. These headers provide additional information to web browsers and other user agents to help protect against various types of attacks, including cross-site scripting (XSS), clickjacking, and content injection.
I will discuss this in the next article.