http-protocol-headers

Overview

HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:) and then its value. Whitespace before the value is ignored.

Headers can be grouped according to their contexts:

  • General headers apply to both requests and responses, but have no relation to the data transmitted in the body, for example Date, Cache-Control or Connection.
  • Request headers contain more information about the resource to be fetched, or about the client requesting the resource.
  • Response headers hold additional information about the response, like its location or about the server providing it.
  • Entity headers contain information about the body of the resource, like its content length or MIME type, for example Content-Length, Content-Language or Content-Encoding.
GET /home.html HTTP/1.1
Host: developer.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://developer.mozilla.org/testpage.html
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Mon, 18 Jul 2016 02:36:04 GMT
If-None-Match: "c561c68d0ba92bbeb8b0fff2a9199f722e3a621a"
Cache-Control: max-age=0

End-to-end headers

These headers must be transmitted to the final recipient of the message: the server for a request, or the client for a response. Intermediate proxies must retransmit these headers unmodified and caches must store them. Content-Encoding is one example.

Hop-by-hop headers

These headers are meaningful only for a single transport-level connection and must not be retransmitted by proxies or cached. Transfer-Encoding is one example.
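As an added example (not code from the original notes), the following Python parses a request head in the name-colon-value form described in the overview and then drops the hop-by-hop headers a forwarding proxy must not pass on. The sample request is constructed and modelled on the one shown above; the X-Internal-Trace header is a made-up name used only to show that a header nominated in the Connection field becomes hop-by-hop even though it is not on the standard list.

```python
"""Parse an HTTP/1.1 request head, then drop hop-by-hop headers before forwarding.

Added example; assumes a plain-text request head and an in-process forwarding step.
"""

# Constructed sample request (modelled on the request shown above, not a capture).
# Connection nominates X-Internal-Trace as connection-specific, so a proxy must not
# forward it even though it is not on the standard hop-by-hop list.
SAMPLE_REQUEST = (
    "GET /home.html HTTP/1.1\r\n"
    "Host: developer.mozilla.org\r\n"
    "Connection: keep-alive, X-Internal-Trace\r\n"
    "Keep-Alive: timeout=5\r\n"
    "X-Internal-Trace: debug=1\r\n"
    "Accept-Encoding: gzip, deflate, br\r\n"
    "Upgrade-Insecure-Requests: 1\r\n"
    "Cache-Control:   max-age=0\r\n"
    "\r\n"
)

# Header names RFC 7230 section 6.1 treats as hop-by-hop in every message.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}


def parse_request_head(raw):
    """Return (method, target, version, headers) for a request head.

    Headers come back as (name, value) pairs with the name lower-cased, since
    names are case-insensitive, and whitespace around the value stripped.
    Duplicate names are kept in order rather than merged.
    """
    head, _sep, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, colon, value = line.partition(":")
        if not colon or not name:
            raise ValueError("malformed header line: %r" % line)
        if name != name.strip():
            # Whitespace between the field name and the colon is forbidden
            # (RFC 7230 3.2.4); reject instead of guessing what was meant.
            raise ValueError("whitespace around header name: %r" % name)
        headers.append((name.lower(), value.strip()))
    return method, target, version, headers


def strip_hop_by_hop(headers):
    """Return only the end-to-end headers, which a proxy may forward.

    Anything named in a Connection header's token list is hop-by-hop for this
    connection and is dropped together with the standard set.
    """
    nominated = set()
    for name, value in headers:
        if name == "connection":
            nominated.update(
                tok.strip().lower() for tok in value.split(",") if tok.strip()
            )
    drop = HOP_BY_HOP | nominated
    return [(n, v) for n, v in headers if n not in drop]


if __name__ == "__main__":
    method, target, version, hdrs = parse_request_head(SAMPLE_REQUEST)
    print(method, target, version)
    for name, value in strip_hop_by_hop(hdrs):
        print("%s: %s" % (name, value))
```

Run as a script it prints the request line and the forwardable headers only: Keep-Alive, Connection and X-Internal-Trace are gone, while Upgrade-Insecure-Requests stays because it is an end-to-end header despite the similar name to Upgrade.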

Common General Headers

Date

The Date general HTTP header contains the date and time at which the message was originated.

Date: Wed, 21 Oct 2015 07:28:00 GMT

Connection

The Connection general header controls whether or not the network connection stays open after the current transaction finishes.

Connection: keep-alive

Cache-Control

The Cache-Control general-header field is used to specify directives for caching mechanisms in both requests and responses. Caching directives are unidirectional, meaning that a given directive in a request does not imply that the same directive is to be given in the response.

Cache-Control: public, max-age=31536000

Common Request Headers

Host

The Host header is mandatory in HTTP/1.1 requests. It carries the domain of the server, with or without a port; if no port is given, the default is 80 for http and 443 for https.

Host: gethttp.info

Referer

The Referer header tells the server where the requested URL came from. It is almost always another URL, or is absent for a direct request; the Referer is the URL of the original page. For example, when a web page depends on CSS/JS files, the requests for those files carry a Referer pointing to the web page.

Referer: https://www.quora.com/profile/Lee-Dowthwaite

User-Agent

User-Agent identifies the requesting system.

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

Accept

The Accept header (server side: Content-Type) is how a client (browser or application) tells the server what kind of content it can accept in the HTTP response. The content types are comma-separated, and take the form type/subtype such as text/html, application/json or audio/mpeg.

Accept: text/html, text/plain; q=0.6, */*; q=0.1
Accept: application/graphql, application/json; q=0.8, application/xml; q=0.7

Accept-Encoding

Accept-Encoding (server side: Content-Encoding) defines what type of content encoding (usually a compression algorithm) the client can accept in the response body. The server should use one of the suggested encodings if it can.

The client can also explicitly prohibit an encoding by giving it a weight of zero, for example identity;q=0; the server must then not use that encoding.

Accept-Encoding: br, gzip;q=0.9, deflate;q=0.8, *;q=0.1
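The q-value rules for Accept and Accept-Encoding, as an added example rather than code from the original notes: the parser below reads the comma-separated ranges and their weights, and `negotiate` picks the server's best offered representation, honouring the more specific range over a wildcard, treating q=0 as a prohibition, and applying the Accept-Encoding rule that identity stays acceptable unless `identity;q=0` or `*;q=0` excludes it. Function names and the offered lists are assumptions made for the demo.

```python
"""Server-side negotiation over Accept / Accept-Encoding q-values.

Added example; assumes the server holds a list of representations (media types
or content codings) it can produce and must pick one or refuse.
"""


def parse_accept(value):
    """Parse 'a/b; q=0.6, c/d' into [(range, q), ...] in header order.

    Missing q means 1.0; an unparsable q is treated as 0 (not acceptable)
    rather than silently becoming the top preference.
    """
    prefs = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        parts = [p.strip() for p in item.split(";")]
        name = parts[0].lower()
        q = 1.0
        for param in parts[1:]:
            key, _eq, val = param.partition("=")
            if key.strip().lower() == "q":
                try:
                    q = min(1.0, max(0.0, float(val)))
                except ValueError:
                    q = 0.0
        prefs.append((name, q))
    return prefs


def _specificity(offered, pattern):
    """2 for an exact match, 1 for type/*, 0 for */* or *, None for no match."""
    if pattern == offered:
        return 2
    if pattern in ("*/*", "*"):
        return 0
    main, slash, sub = pattern.partition("/")
    if slash and sub == "*" and offered.startswith(main + "/"):
        return 1
    return None


def negotiate(header_value, offered, identity_default=False):
    """Return the offered value the client weights highest, or None.

    The most specific matching range decides each candidate's weight, and a
    weight of 0 excludes it. With identity_default=True (Accept-Encoding), an
    'identity' candidate that no range mentions is still acceptable, as RFC
    7231 5.3.4 requires, unless 'identity;q=0' or '*;q=0' excludes it.
    Ties keep the server's own order in `offered`.
    """
    prefs = parse_accept(header_value)
    best = None
    for candidate in offered:
        candidate = candidate.lower()
        weight, spec = None, -1
        for name, q in prefs:
            s = _specificity(candidate, name)
            if s is not None and s > spec:
                weight, spec = q, s
        if weight is None:
            if identity_default and candidate == "identity":
                weight = 0.0001  # acceptable, but below any explicit preference
            else:
                continue
        if weight > 0 and (best is None or weight > best[1]):
            best = (candidate, weight)
    return best[0] if best else None


if __name__ == "__main__":
    print(negotiate("text/html, text/plain; q=0.6, */*; q=0.1",
                    ["application/json", "text/plain", "text/html"]))
    print(negotiate("br, gzip;q=0.9, deflate;q=0.8, *;q=0.1",
                    ["gzip", "identity"], identity_default=True))
```

With the two header values from the examples above, the first call returns text/html and the second gzip (br is preferred but not offered). A client that sends only `br` to a server offering gzip and identity gets identity, and one that sends `gzip, *;q=0` to a server that can only send an unencoded body gets nothing acceptable, which is the case where a 406 response is appropriate.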

Accept-Language

The HTTP Accept-Language header tells the server the client’s preferred natural language.

Accept-Language: en-GB, en-US, en;q=0.9

Authorization

The HTTP Authorization header specifies the authorization scheme and any associated data or token, and carries that data as a header payload.

Authorization: Basic ZmFsa2VuOmpvc2h1YTU= # base64(user:password)

JWT or OAuth 2.0 token (Bearer scheme):

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleH

With Digest authentication, a digest (or hash) value is created from a predetermined combination of the username, password, and some information from the server, including random (“nonce”) values.

Authorization: Digest adfsa23f31fsa32f2f # hash(user, password, extra_info)
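How a server should take the Authorization header apart, as an added example that is not part of the original notes: split the scheme from its payload, decode Basic credentials with strict base64 validation (the example value above decodes to falken:joshua5), and verify the password against a stored hash using a constant-time comparison so an unknown user and a wrong password take the same path. The user store, salt and helper names are constructed for the demo; Digest is left out because its challenge/response exchange needs server-side nonce state.

```python
"""Parse Authorization and verify Basic credentials without timing leaks.

Added example; the user store, salt and password are constructed for the demo.
"""
import base64
import binascii
import hashlib
import hmac

# Constructed demo user store: username -> PBKDF2 hash of the password.
# 'falken' / 'joshua5' is the pair behind the Basic example above.
_SALT = b"demo-salt-not-for-production"
_ROUNDS = 100_000


def _hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, _ROUNDS)


USERS = {"falken": _hash_password("joshua5")}


def parse_authorization(value):
    """Split 'Scheme credentials' into (scheme in lower case, credentials)."""
    scheme, _sp, creds = value.strip().partition(" ")
    creds = creds.strip()
    if not scheme or not creds:
        raise ValueError("malformed Authorization header")
    return scheme.lower(), creds


def decode_basic(creds):
    """Decode Basic credentials to (user, password).

    base64 is strictly validated so junk is rejected rather than partially
    decoded; only the first ':' separates the user, so passwords may contain ':'.
    """
    try:
        raw = base64.b64decode(creds, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):
        raise ValueError("Basic credentials are not valid base64/UTF-8")
    user, colon, password = text.partition(":")
    if not colon or not user:
        raise ValueError("Basic credentials must be user:password")
    return user, password


def extract_bearer(value):
    """Return the token from 'Bearer <token>' or None for any other scheme."""
    try:
        scheme, creds = parse_authorization(value)
    except ValueError:
        return None
    return creds if scheme == "bearer" else None


def check_basic(value):
    """True only for a well-formed Basic header whose user/password verify."""
    try:
        scheme, creds = parse_authorization(value)
        if scheme != "basic":
            return False
        user, password = decode_basic(creds)
    except ValueError:
        return False
    expected = USERS.get(user)
    # Hash regardless of whether the user exists, then compare in constant
    # time, so an unknown user and a wrong password are indistinguishable.
    actual = _hash_password(password)
    return expected is not None and hmac.compare_digest(expected, actual)
```

The scheme comparison is case-insensitive because the header's scheme token is; a server that only matched "Basic" would reject valid "basic" requests while one that matched loosely on the payload could be fed garbage. Basic credentials are only as private as the transport, so this check belongs behind TLS.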

Cookie

The Cookie request-header field value contains the name/value pairs of information stored for that URL.

Cookie: name1=value1; name2=value2

Common Response Headers

Age

The Age response-header field conveys the sender’s estimate of the amount of time since the response (or its revalidation) was generated at the origin server.

Age: 100 # 100s

Location

The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion.

Location: http://www.tutorialspoint.org/http/index.htm

Retry-After

The Retry-After response-header field can be used with a 503 (Service Unavailable) response to indicate how long the service is expected to be unavailable to the requesting client.

Retry-After: 120

Server

The Server response-header field contains information about the software used by the origin server to handle the request.

Server: Apache/2.2.14 (Win32)

Set-Cookie

The Set-Cookie response-header field contains a name/value pair of information to retain for this URL, followed by the cookie’s attributes. Each cookie needs its own Set-Cookie header.

Set-Cookie: name1=value1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Domain=xx.com; Path=/doc
Set-Cookie: name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Domain=xx.com; Path=/doc
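Parsing both directions of the cookie exchange, as an added example that is not from the original notes: `parse_set_cookie` splits one Set-Cookie value into the cookie and its attributes (splitting on ';' only, because an Expires value contains a comma), `parse_cookie` reads the request-side Cookie header, and `audit_set_cookie` reports the protections a reviewer expects on a session cookie (Secure, HttpOnly, SameSite). Cookie names and values are constructed; the function names are assumptions.

```python
"""Parse Set-Cookie and Cookie headers and flag weak cookie attributes.

Added example; the cookie values are constructed, the attribute checks are the
ones a reviewer applies to session cookies.
"""


def parse_set_cookie(value):
    """Parse one Set-Cookie value into (name, value, attrs).

    One cookie per Set-Cookie header (RFC 6265). Attributes are keyed by their
    lower-cased name; flag attributes such as Secure map to True. Splitting on
    ';' only is deliberate: Expires values contain a comma.
    """
    first, *rest = value.split(";")
    name, eq, val = first.strip().partition("=")
    name = name.strip()
    if not eq or not name:
        raise ValueError("Set-Cookie must start with name=value")
    attrs = {}
    for part in rest:
        part = part.strip()
        if not part:
            continue
        key, eq, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip() if eq else True
    return name, val.strip(), attrs


def parse_cookie(value):
    """Parse a Cookie request header 'n1=v1; n2=v2' into a dict.

    A name the client repeats keeps its first occurrence, which is the one
    the browser lists first (longest matching path, RFC 6265 5.4).
    """
    cookies = {}
    for pair in value.split(";"):
        name, eq, val = pair.strip().partition("=")
        name = name.strip()
        if eq and name and name not in cookies:
            cookies[name] = val.strip()
    return cookies


def audit_set_cookie(name, attrs):
    """Return findings about missing protections on a cookie's attributes."""
    findings = []
    if "secure" not in attrs:
        findings.append("%s: missing Secure, sent over plain HTTP" % name)
    if "httponly" not in attrs:
        findings.append("%s: missing HttpOnly, readable from script" % name)
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("%s: missing SameSite, browser default applies" % name)
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("%s: SameSite=None requires Secure" % name)
    return findings


if __name__ == "__main__":
    n, v, a = parse_set_cookie(
        "name1=value1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Domain=xx.com; Path=/doc"
    )
    print(n, v, a)
    for finding in audit_set_cookie(n, a):
        print(finding)
    print(parse_cookie("name1=value1; name2=value2"))
```

Running the script on the Set-Cookie value from the example above yields three findings, since it sets Domain and Path but none of Secure, HttpOnly or SameSite; a cookie set with `Secure; HttpOnly; SameSite=Strict` produces none.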

WWW-Authenticate

The WWW-Authenticate response-header field must be included in 401 (Unauthorized) response messages.

Common Entity Headers

Allow

The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI.

Allow: GET, HEAD, PUT

Content-Encoding

The Content-Encoding entity-header field is used as a modifier to the media-type.

Content-Encoding: gzip

Content-Language

The Content-Language entity-header field describes the natural language(s) of the intended audience for the enclosed entity.

Content-Language: en

Content-Length

The Content-Length entity-header field indicates the size of the entity-body, in bytes.

Content-Length: 3495

Content-MD5

The Content-MD5 entity-header field may be used to supply an MD5 digest of the entity for checking the integrity of the message upon receipt.

Content-MD5: 8c2d46911f3f5a326455f0ed7a8ed3b3

Content-Type

The Content-Type entity-header field indicates the media type of the entity-body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent, had the request been a GET.

Content-Type: text/html; charset=ISO-8859-4

Expires

The Expires entity-header field gives the date/time after which the response is considered stale.

Expires: Thu, 01 Dec 1994 16:00:00 GMT

Last-Modified

The Last-Modified entity-header field indicates the date and time at which the origin server believes the variant was last modified.

Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
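The caching headers covered on this page (Cache-Control, Age, Date, Expires) and the validators (If-None-Match against an ETag, If-Modified-Since against Last-Modified) fit together in one computation, shown here as an added example rather than code from the original notes: `freshness_lifetime` and `is_fresh` decide whether a cache may reuse a stored response without asking the origin, and `revalidate` is the origin-side decision to answer 304 instead of resending the body. Header dicts are constructed with lower-cased names; the ETag and dates are taken from the examples on this page.

```python
"""Cache freshness (RFC 7234) and conditional revalidation (RFC 7232).

Added example; header dicts are constructed with lower-cased names, and the
resource's ETag and Last-Modified are supplied by the caller.
"""
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """'public, max-age=31536000' -> {'public': True, 'max-age': '31536000'}."""
    directives = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        key, eq, val = item.partition("=")
        directives[key.strip().lower()] = val.strip().strip('"') if eq else True
    return directives


def _http_date(text):
    """Parse an HTTP-date; return None for anything unparsable."""
    try:
        return parsedate_to_datetime(text)
    except (TypeError, ValueError):
        return None


def freshness_lifetime(headers):
    """Seconds a response may be reused without revalidation, or None if unknown.

    Precedence follows RFC 7234 4.2.1: s-maxage (shared caches), then
    max-age, then Expires minus Date. A malformed value counts as already
    stale rather than as fresh.
    """
    cc = parse_cache_control(headers.get("cache-control", ""))
    for directive in ("s-maxage", "max-age"):
        if directive in cc:
            try:
                return int(cc[directive])
            except (TypeError, ValueError):
                return 0
    if "expires" in headers and "date" in headers:
        expires, date = _http_date(headers["expires"]), _http_date(headers["date"])
        if expires is None or date is None:
            return 0
        return int((expires - date).total_seconds())
    return None


def is_fresh(headers, resident_seconds):
    """True if the stored response can be served without contacting the origin.

    current_age = Age (time spent in upstream caches) + time held here;
    no-cache and no-store always force revalidation.
    """
    cc = parse_cache_control(headers.get("cache-control", ""))
    if "no-cache" in cc or "no-store" in cc:
        return False
    lifetime = freshness_lifetime(headers)
    if lifetime is None:
        return False  # no explicit lifetime: skip heuristic freshness, revalidate
    try:
        upstream_age = int(headers.get("age", "0"))
    except ValueError:
        upstream_age = 0
    return upstream_age + resident_seconds < lifetime


def revalidate(etag, last_modified, request):
    """Origin-side decision: 304 if the client's copy is current, else 200.

    If-None-Match wins over If-Modified-Since when both are present
    (RFC 7232 6); ETags are compared weakly, ignoring a W/ prefix.
    """
    if "if-none-match" in request:
        def weak(tag):
            tag = tag.strip()
            return tag[2:] if tag.startswith("W/") else tag
        tags = [weak(t) for t in request["if-none-match"].split(",")]
        return 304 if "*" in tags or weak(etag) in tags else 200
    ims = _http_date(request.get("if-modified-since"))
    lm = _http_date(last_modified)
    if ims is not None and lm is not None and lm <= ims:
        return 304
    return 200
```

Two behaviours are worth noting. A response with no max-age and no Expires returns a lifetime of None and is treated as stale, which is the conservative choice for a shared cache that does not want to apply heuristic freshness; and an Expires value that does not parse (such as `0`) counts as expired, as RFC 7234 5.3 requires. On the validator side the ETag check is preferred over the date check because Last-Modified has one-second resolution and can miss rapid successive changes.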
