HTTP headers are part of data transfer on the internet. HTTP is the abbreviation for Hypertext Transfer Protocol. Before data of a requested website is delivered from a web server to a browser, the server and browser exchange so-called meta information about the document or website via the HTTP header.
With the HTTP request, browsers transmit information about the date of the request, preferred language, or referrer to a server. This information is answered by the server with an HTTP response header in the response message.
Figure: HTTP request and response, Author: Seobility
The HTTP request or response header contains so-called fields, which consist of one line each. Each line contains a name/value pair separated by a colon and is terminated by a CRLF character string (CR = carriage return and LF = line feed).
Values that can be used for an HTTP request or response header are defined in RFC ("Requests for Comments"). These are formal documents of the Internet Engineering Task Force (IETF), which include standards used on the internet.
Examples of Request Header Fields
Below, you can see some examples of possible request header fields. For a comprehensive overview of all request and response header fields, see https://en.wikipedia.org/wiki/List_of_HTTP_header_fields.
The Accept field in an HTTP request can be used to specify certain media types that are accepted by the client. The general syntax is as follows:
Accept: type/subtype [q=qvalue]
Multiple media types can be separated by commas. The optional value q represents the quality level on a scale from 0 to 1. Example:
Accept: text/plain; q = 0,5, text/html, text/x-dvi; q = 0.8, Text/x-c
The Accept-Charset field is used in HTTP headers to specify which character sets the client accepts for the response.
If several character sets are specified, enter them separated by commas. For example:
Accept-Charset: iso-8859-5, Unicode-1-1; q = 0,8
The Accept-Encoding header field limits the encodings that are acceptable in the response. Syntax:
Accept-Encoding: gzip; q = 0.7
The Accept-Language header field limits the set of natural languages that are preferred in response to the request. The syntax is:
Accept-Language: language; q=qvalue
Multiple languages can be separated by commas. For example:
Accept-Language: en-US; q = 0.9
Allowed values can be looked up in RFC 1766.
The Authorization field is used in HTTP headers to send login information to a server. The syntax is as follows:
Authorization: login information
The cookie header field contains a name/value pair with information stored for the requested URL. Multiple cookie information can be specified here:
Cookie: name1=value1; name2=value2; name3=value3
The HTTP request header field Expect specifies the client's expectations that must be met by a server for the request to be processed properly.
The general syntax is as follows:
Expect : 100-continue
The From field of HTTP headers contains an email address of the user who controls the requesting client. Example:
The From field can be used in HTTP headers for logging purposes and for identification.
The Host field is used in HTTP headers to specify the internet host and port number for the requested resource. The syntax is:
If the port number is missing, this implies the default port 80.
This header field prompts the server to send the requested file only if it matches the specified entity tags. The syntax is:
An asterisk (*) indicates that any file can be sent.
If If-Modified-Since is specified in HTTP headers, a requested resource will only be delivered by the server if it has been changed since the specified date. Otherwise, there will be no delivery and the page will be loaded from the cache of the browser. Syntax:
If-Modified-Since: HTTP date
An example is:
If-Modified-Since: Sat, 13 Oct 2017 15:16:27 GMT
This header prompts the server to send the requested file only if it does not match any of the specified entity tags. The syntax is:
The If-Range header field is used in HTTP headers to request only the part of the content that is missing if the content has not been changed, and the entire content if a change has been made to it. The syntax is as follows:
If-Range: entity-tag/HTTP date
Either an entity tag or a date can be used:
If-Range: Sat, 13 Oct 2017 15:16:27 GMT
If the content has not been changed, the server returns the byte range specified by the range header. Otherwise, the entire new document is returned.
The general syntax is:
If-Unmodified-Since: HTTP date
This field is used in the same way as the If-Modified-Since field.
Max-Forwards tells proxy servers the maximum number of times a message can be forwarded. The syntax is as follows:
The Max-Forwards value "n" is a decimal number. Max-Forwards is useful for debugging with the TRACE method, avoiding endless loops. The Max-Forwards header field can be ignored for all other methods defined in the HTTP specification.
The Proxy-Authorization header field allows the client to identify itself or the user to a proxy. Syntax:
Proxy-Authorization: login information
The range request-header field specifies the subranges of content that are requested. The syntax is:
Range: bytes-unit=first-byte-pos "-" [last-byte-pos]
The values "first-byte-pos" and "last-byte-pos" specify the first and last bytes of the included content, but do not have to be both specified. Multiple content areas can be separated by commas.
The Referrer header field allows the client to specify the address (URL) of the resource from which the URL was requested. The general syntax is as follows:
The TE header field specifies which extension transfer encoding is accepted in the response. The syntax is:
TE: transfer encodings
This header field sends information about the client to a server. For example, the syntax can be as follows:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36