HTTP Headers 101

Bilal Khan
Jun 7, 2016

This tutorial is about HTTP headers and how they are useful.

What are HTTP Headers?

HTTP stands for Hypertext Transfer Protocol. When you opened this blog post, your browser sent a couple of HTTP requests to GET the HTML content of this blog post to display in your browser, and it received an HTTP reply for each one of them. HTTP headers provide required information about the request or response, or about the object sent in the message body.

These headers are an integral part of HTTP communication. They carry information about the client OS, the client browser, cookies, and so on.

Example

When you request a webpage in your browser, your headers may look like this:

GET /myblog/ HTTP/1.1
Host: medium.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate, sdch
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 200
Connection: keep-alive
Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120
Pragma: no-cache
Cache-Control: no-cache

The first line “GET /myblog/ HTTP/1.1” is the request line.

In response, your browser may receive a response like this:

HTTP/1.x 200 OK
Transfer-Encoding: chunked
Date: Sat, 28 Feb 2016 06:48:30 GMT
Server: LiteSpeed
Connection: close
Pragma: public
Expires: Sat, 28 Nov 2009 06:48:30 GMT
Etag: "pub125655237;gz"
Cache-Control: max-age=3600, public
Content-Type: text/html; charset=UTF-8
Last-Modified: Sat, 15 Dec 2015 03:50:37 GMT
X-Pingback: http://medium.com/xmlrpc.php
Content-Encoding: gzip
Vary: Accept-Encoding, Cookie, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- ... rest of the html ... -->

The first line “HTTP/1.x 200 OK” is the response line. A response code of 200 means everything was okay.
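The request line and header fields described above, parsed in Python. This is an added example, not code from the original post: `parse_message`, `parse_request_line` and `host_and_port` are hypothetical names, the sample is a shortened copy of the request shown earlier, and the default port of 80 follows the Host field description below.

```python
# Constructed sample: a shortened copy of the request shown above.
SAMPLE_REQUEST = (
    b"GET /myblog/ HTTP/1.1\r\n"
    b"Host: medium.com\r\n"
    b"Accept-Language: en-us,en;q=0.5\r\n"
    b"Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120\r\n"
    b"cache-control: no-cache\r\n"
    b"\r\n"
)


def parse_message(raw):
    """Split a raw HTTP/1.x message into (start_line, headers, body)."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("header section is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # On the wire the name runs right up to the colon; a line without a
        # colon or with whitespace in the name is rejected, not guessed at.
        if not colon or not name or any(c.isspace() for c in name):
            raise ValueError("malformed header line: %r" % line)
        # Field names are case-insensitive; a field may appear more than once.
        headers.setdefault(name.lower(), []).append(value.strip())
    return lines[0], headers, body


def parse_request_line(start_line):
    """Return (method, target, version) from e.g. 'GET /myblog/ HTTP/1.1'."""
    parts = start_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % start_line)
    return tuple(parts)


def host_and_port(value, default_port=80):
    """Split a Host value; a missing port means the default (80 for HTTP)."""
    if value.startswith("["):                      # IPv6 literal: [::1]:8080
        host, _, rest = value.partition("]")
        host, port = host + "]", rest[1:] if rest.startswith(":") else rest
    else:
        host, _, port = value.partition(":")
    if port and not port.isdigit():
        raise ValueError("malformed port in Host: %r" % value)
    return host, int(port) if port else default_port


start, fields, _ = parse_message(SAMPLE_REQUEST)
print(parse_request_line(start), host_and_port(fields["host"][0]))
```

Rejecting malformed lines instead of repairing them keeps this parser from reading a message differently than a proxy or server in front of it would.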

These are the common header fields:

1) Host

Host: host [ ":" port ]

The Host request-header field contains the host name of the site being requested, together with an optional port number. If no port number is given, it is assumed to be 80.

2) User-Agent

User-Agent: product | comment

The user agent request header contains information about the user agent originating the request. This can be used for a number of reasons like statistical purposes, detecting protocol violations, and tailoring different responses for different user-agents.

3) Accept

Accept: type/subtype [q=qvalue]

The Accept request-header field can be used to specify certain media types which are acceptable for the response.
Example: Accept: audio/*; q=0.2, audio/basic → I prefer audio/basic, but send me any audio type if it is the best available after an 80% mark-down in quality.

4) Accept-Language

Accept-Language: language [q=qvalue]

This request header specifies the language the response is expected to be in. Multiple languages can be listed, separated by commas, and the optional qvalue represents an acceptable quality level for non-preferred languages on a scale of 0 to 1.

5) Accept-Encoding

Accept-Encoding: encoding types

The Accept-Encoding request-header field is similar to Accept, but restricts the content-codings that are acceptable in the response.

6) Accept-Charset

Accept-Charset: character_set [q=qvalue]

The Accept-Charset request-header field can be used to indicate what character sets are acceptable for the response. Multiple values can be inserted in it separated by a comma.
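The qvalue lists used by Accept, Accept-Language and Accept-Charset above share one syntax, so a single routine can rank them. This is an added example, not code from the original post: `parse_qlist`, `weight_for` and `negotiate` are hypothetical names, and only exact and wildcard matches are implemented (no language-prefix matching).

```python
import re

# qvalue grammar: 0 to 1 with at most three decimals.
QVALUE = re.compile(r"0(\.\d{0,3})?|1(\.0{0,3})?")


def parse_qlist(value):
    """Parse 'audio/*; q=0.2, audio/basic' into [(item, q)], best first."""
    prefs = []
    for position, element in enumerate(value.split(",")):
        item, *params = [part.strip() for part in element.split(";")]
        if not item:
            continue
        q = 1.0                                   # no qvalue means q=1
        for param in params:
            key, _, val = param.partition("=")
            if key.strip().lower() == "q":
                # A weight outside the grammar is treated as "not acceptable".
                q = float(val) if QVALUE.fullmatch(val.strip()) else 0.0
        prefs.append((-q, position, item.lower()))
    # Sort by descending q; ties keep the order used in the header.
    return [(item, -neg_q) for neg_q, _, item in sorted(prefs)]


def weight_for(candidate, prefs):
    """q of the most specific range matching candidate (0.0 if none does)."""
    candidate, best = candidate.lower(), (-1, 0.0)      # (specificity, q)
    for rng, q in prefs:
        if rng == candidate:
            best = max(best, (2, q))
        elif rng.endswith("/*") and candidate.startswith(rng[:-1]):
            best = max(best, (1, q))                    # e.g. audio/*
        elif rng in ("*", "*/*"):
            best = max(best, (0, q))
    return best[1]


def negotiate(header_value, available):
    """Pick the server's best offer for this header, or None if none fits."""
    prefs = parse_qlist(header_value)
    scored = [(weight_for(offer, prefs), offer) for offer in available]
    acceptable = [s for s in scored if s[0] > 0]
    return max(acceptable, key=lambda s: s[0])[1] if acceptable else None


# The Accept example from the text: audio/basic wins when the server has it.
print(negotiate("audio/*; q=0.2, audio/basic", ["audio/mpeg", "audio/basic"]))
```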

7) Connection

Connection : “Connection”

The Connection general-header field allows the sender to specify options that are desired for that particular connection and MUST NOT be communicated by proxies over further connections. HTTP/1.1 applications that do not support persistent connections MUST include the “close” connection option in every message.

8) Cookie

Cookie: name1=value1;name2=value2;name3=value3

The Cookie request-header field value contains name/value pairs of information stored for that URL. These are session cookies that are used to store data.

9) Pragma

Pragma: no-cache

The Pragma general-header field is used to include implementation-specific directives that might apply to any recipient along the request/response chain. No new Pragma directives will be defined in the future.

10) Cache-Control

Cache-Control : cache-request-directive|cache-response-directive

The Cache-Control general-header field is used to specify directives that MUST be obeyed by all caching systems. An HTTP client or server can use the Cache-Control general header to specify parameters for the cache or to request certain kinds of documents from the cache.

11) Referer

Referer : absoluteURI | relativeURI

The Referer request-header field allows the client to specify the address (URI) of the resource from which the URL has been requested.

12) Transfer-Encoding

Transfer-Encoding = “Transfer-Encoding”

The Transfer-Encoding general-header field indicates what (if any) type of transformation has been applied to the message body in order to safely transfer it between the sender and the recipient. If multiple encodings have been applied to an entity, the transfer-codings MUST be listed in the order in which they were applied.

13) Expires

Expires : HTTP-date

The Expires entity-header field gives the date/time after which the response is considered stale.

14) Content-Type

Content-Type : media-type

The Content-Type entity-header field indicates the media type of the entity-body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent, had the request been a GET.

15) Vary

Vary : field-name

The Vary response-header field specifies that the entity has multiple sources and may therefore vary according to the specified list of request header(s).
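How a cache can honour Vary, using the value from the sample response earlier (`Vary: Accept-Encoding, Cookie, User-Agent`). This is an added example, not code from the original post: `vary_fields` and `cache_key` are hypothetical names, and the URL, cookie values and user agent strings are constructed.

```python
import hashlib


def vary_fields(vary_value):
    """Lower-cased, de-duplicated field names listed in a Vary header."""
    return sorted({f.strip().lower() for f in vary_value.split(",") if f.strip()})


def cache_key(method, url, request_headers, vary_value):
    """Key for storing or looking up a response, or None if it must not be reused."""
    fields = vary_fields(vary_value)
    if "*" in fields:
        return None          # "Vary: *": no stored copy can be matched
    # Header names are case-insensitive, so normalise them before lookup.
    request = {name.lower(): value.strip() for name, value in request_headers.items()}
    parts = [method.upper(), url]
    for name in fields:
        # A header the client did not send is keyed as the empty string.
        parts.append("%s=%s" % (name, request.get(name, "")))
    return hashlib.sha256("\n".join(parts).encode("utf-8")).hexdigest()


# Constructed requests: same URL, the Vary value from the response above.
VARY = "Accept-Encoding, Cookie, User-Agent"
URL = "http://medium.com/myblog/"
alice = {"Accept-Encoding": "gzip", "Cookie": "PHPSESSID=aaaa", "User-Agent": "UA/1"}
bob = {"Accept-Encoding": "gzip", "Cookie": "PHPSESSID=bbbb", "User-Agent": "UA/1"}

# True: the two sessions are stored under different keys.
print(cache_key("GET", URL, alice, VARY) != cache_key("GET", URL, bob, VARY))
```

With Cookie listed in Vary the two sessions get different keys; keyed on Accept-Encoding alone they would share one stored response.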
