HTTP Headers Explained
HTTP Request and Response objects consist of a body and headers. While the body holds the data message (HTML, JSON) in the Response or the form fields in the Request, the headers let the client and the server pass essential information about each other.
Headers can be grouped into four categories by their context:
- General headers contain information that is relevant for both request and Response, but no information about the data in a body
- Request headers hold information about the client and requested resource
- Response headers include server details, like time, location, configuration
- Entity headers inform the browser about the type and body of the resource
Let's inspect them in more detail. Go to the webpage www.example.com, open the console > Network tab, and select the document to inspect headers. You will likely see the headers divided into General, Request, and Response.
The first group, General, consists of the following information:
Request URL: https://www.example.com
The address of the Request and Response
Request Method: GET
The method that is used for the operation, like GET, POST, PUT or DELETE
Status Code: 200 OK
One of the most critical pieces of information; it tells the status of the request/response. The code number says what happened and whether the operation succeeded or failed. Status codes are grouped:
1xx - Informational; the request is processing
2xx - Success; received, accepted, created
3xx - Redirect; actions needed, moved to a new location
4xx - Client Error; bad request, unauthorized or not found
5xx - Server Error; server failed to fulfill the request, internal server error
Remote Address: 93.184.216.34:80
The IP address of the server
Another group, Request Headers, includes the following properties:
Accept: text/html
Informs the server what data types can be accepted; describes the content format. For example:
audio/ogg - an audio file
image/png - an image file
text/html - HTML file
application/json - data in the JSON format
Accept-Encoding: gzip, deflate
An algorithm, such as compression, that is used on the resource sent back.
Accept-Language: en-US,en
Hints the server about the expected language
Connection: keep-alive
Controls how long the connection should stay open
Host: example.com
The domain name of the server
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
Lets the server identify the characteristics of the application, OS, vendor, and versions
Some important and common Request Header properties were not sent to the domain example.com, but they should be mentioned:
Cookie: 'cookie-list'
Contains stored pieces of information previously sent by the server. For example: Cookie: name=value; name2=value2; name3=value3
Authorization: 'type' 'credentials'
Includes credentials to authenticate a user with a server. The two most used types are Basic, for base64-encoded credentials, and Bearer, for access tokens.
Referer: 'url'
Contains the address of the previous page, from which the user was linked to the current page
The last group, Response Headers, includes:
Age: 270773
The time in seconds that the object has been in the proxy cache
Cache-Control: max-age=604800
Sets the instructions for caching. Other setting types: no-cache, no-store, no-transform
Content-Encoding: gzip
Specifies the compression algorithm used for the response body
Content-Length: 648
The size of the resource in bytes
Content-Type: text/html; charset=UTF-8
The resource type received. The current type is an HTML document.
Date: Sun, 12 Apr 2020 16:49:25 GMT
The time when the message was created
Expires: Sun, 19 Apr 2020 16:49:25 GMT
Sets the date after which the content is no longer considered fresh
Server: ECS (nyb/1D2C)
Specifies the software used by the server at the time the Response was sent
X-Cache: HIT
It means that the response was served not by the origin servers, but by a separate network (CDN) designed to cache content, so the user could get the Response faster
Set-Cookie: 'cookie-name=cookie-value'
Sends cookies from the server to the user agent. May include other cookie settings, such as expiration date, max-age, domain, security. For example: Set-Cookie: id=qwerty123; Expires=Wed, 13 Apr 2020 07:00:00 GMT
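As an added example (not code from the original article), the Python sketch below parses the response header values quoted above, works out how long the cached copy stays fresh from Age, Cache-Control and Expires/Date, and lists the protective attributes missing from the Set-Cookie example. The function names are hypothetical, and the check for Secure, HttpOnly and SameSite is an assumption about what a reviewer would look for.

```python
from email.utils import parsedate_to_datetime

# Constructed sample: the response header values quoted in this article.
RAW = """\
Age: 270773
Cache-Control: max-age=604800
Date: Sun, 12 Apr 2020 16:49:25 GMT
Expires: Sun, 19 Apr 2020 16:49:25 GMT
Server: ECS (nyb/1D2C)
X-Cache: HIT
Set-Cookie: id=qwerty123; Expires=Wed, 13 Apr 2020 07:00:00 GMT
"""

def parse_headers(raw):
    """Map lowercased header name -> list of values (Set-Cookie may repeat)."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # skip blank or malformed lines
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def freshness_left(headers):
    """Seconds the cached copy stays fresh: max-age (else Expires - Date) minus Age."""
    age = int(headers.get("age", ["0"])[0])
    for directive in headers.get("cache-control", [""])[0].split(","):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.isdigit():
            return int(val) - age
    if "expires" in headers and "date" in headers:
        expires = parsedate_to_datetime(headers["expires"][0])
        created = parsedate_to_datetime(headers["date"][0])
        return int((expires - created).total_seconds()) - age
    return None

def cookie_findings(headers):
    """Report protective cookie attributes absent from each Set-Cookie value."""
    findings = []
    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        findings += [f"{name}: missing {a}" for a in ("secure", "httponly", "samesite")
                     if a not in attrs]
    return findings

if __name__ == "__main__":
    h = parse_headers(RAW)
    print(freshness_left(h), cookie_findings(h))
```

With the article's values, max-age and Expires minus Date both give a lifetime of 604800 seconds, so the two caching headers agree.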
Summing up
The Request and Response headers carry and define transaction information about the user agent, server and data. The headers in this example are the more common ones; there are a lot more of them. The complete list can be found here.