HTTP Header


HTTP headers are metadata exchanged in HTTP requests and responses. They describe how the message should be interpreted, how caching should work, what content types are acceptable, authentication information, connection behavior, and entity information such as content length and encoding.

Category | Request | Response | Headers
General header | ○ | ○ | Cache-Control, Connection, Date, Pragma, Trailer, Transfer-Encoding, Upgrade, Via, Warning
Request header | ○ | × | Accept, Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Expect, From, Host, If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, Proxy-Authorization, Range, Referer, TE, User-Agent
Response header | × | ○ | Accept-Ranges, Age, ETag, Location, Proxy-Authenticate, Retry-After, Server, Vary, WWW-Authenticate
Entity header | ○ | ○ | Allow, Content-Encoding, Content-Language, Content-Length, Content-Location, Content-MD5, Content-Range, Content-Type, Expires, Last-Modified, extension-header

Common Request Headers

  • Accept: tells the server which data formats (MIME types) the browser can receive. * means “all.”
  • Accept-Charset: tells the server which character sets the browser can receive.
  • Accept-Encoding: tells the server which encodings the browser can receive. For example, if gzip is supported, the server can gzip-compress the message body and the browser can decompress and display it.
  • Accept-Language: tells the server which languages the browser can receive.
  • Authorization: sends authentication information for a resource that requires authentication.
  • Host: specifies the host name and port number of the server to which the request is sent. It is the only required header in HTTP/1.1.
  • If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since, If-Range: conditional request headers used with cache validation and partial requests.
  • Range: requests only part of an entity from the server.
  • Referer: passes the URL of the page that was the source of this request.
  • User-Agent: sends information about the client application, browser, operating system, version, platform, and similar details.

Common Response Headers

  • Accept-Ranges: tells the client which units are available for Range requests. Currently bytes is defined.
  • Age: indicates the estimated elapsed time in seconds since the entity was generated.
  • ETag: indicates an identifier that uniquely identifies an entity and its version.
  • Location: indicates the redirect target URL.
  • Proxy-Authenticate: indicates that authentication is required between the proxy server and client.
  • Retry-After: returned with 503 Service Unavailable or 3xx redirection to indicate when to retry.
  • Server: returns server information to the browser.
  • Vary: indicates headers used for server-driven negotiation, such as Accept, Accept-Charset, and Accept-Language.
  • WWW-Authenticate: indicates that authentication is required.

Common Entity and General Headers

  • Allow: provides the list of methods that can be used for the resource indicated by the request URL.
  • Cache-Control: indicates cache directives. In HTTP/1.0, Pragma: no-cache is used.
  • Connection: indicates persistent connection behavior such as Keep-Alive or close.
  • Content-Encoding: indicates the content encoding method, such as gzip.
  • Content-Language: indicates the language of the content, such as en or ko.
  • Content-Length: indicates the length of the content (message body) in bytes.
  • Content-Location: indicates another URL where the content is accessible.
  • Content-MD5: provides check data for verifying that content was not changed during communication.
  • Content-Range: indicates the range of content being sent.
  • Content-Type: indicates the MIME type of the resource, and can also include a character set.
  • Date: indicates the time at which the response is returned.
  • Expires: indicates the expiration date of the entity.
  • Last-Modified: indicates the time when the entity was last updated.
  • Max-Forwards: specifies the maximum number of forwarding or relay facilities to pass through for OPTIONS and TRACE.
  • Pragma: used for various purposes, such as telling proxies or clients not to use cache.
  • TE: tells the server which transfer codings or trailer fields the browser can process.
  • Trailer: lists headers appended after chunked content.
  • Transfer-Encoding: indicates the encoding format used for transfer.
  • Upgrade: tells the other party that another protocol is recommended.
  • Via: indicates the message delivery path through proxies.
  • Warning: passes warning codes and messages added to the status line.
  • extension-header: various additional headers can be implemented by servers.

Virtual Hosts

HTTP/1.1 supports virtual hosts. An HTTP/1.1 client must send the host name in the Host header. The server responds with content corresponding to that virtual host. This makes it possible to support multiple websites on one server.

GET / HTTP/1.1
Host: www.devkuma.com

Persistent Connections (Keep-Alive)

Early HTTP opened a new socket connection every time an HTTP request was sent, which was inefficient. Persistent connections solve this inefficiency by sending multiple requests over one connection. HTTP/1.0 introduced Keep-Alive, which became standardized.

Clients can improve communication performance by requesting multiple resources over a single TCP connection. To keep a connection persistent, the Connection header usually specifies Keep-Alive; the final request specifies close.

Chunked Transfer

When a server does not know the length of the content in advance, such as when generating CGI results, it can return the data in chunks. Each chunk is preceded by its byte count, written in hexadecimal. A chunk size of 0 marks the end of the data.
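
The chunk framing described above, as an added example that is not part of the original page: a strict decoder that rejects sizes and terminators a lenient parser would let through, since front-end and back-end servers disagreeing on chunk boundaries is what makes sloppy chunk parsing a security problem. The function name and the sample body are constructed for illustration.

```python
# Added example: strict decoder for a chunked HTTP/1.1 message body.
HEX_DIGITS = b"0123456789abcdefABCDEF"

def decode_chunked(raw: bytes) -> bytes:
    """Return the reassembled body; raise ValueError on malformed framing."""
    body = bytearray()
    pos = 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol == -1:
            raise ValueError("chunk-size line is not terminated by CRLF")
        # Anything after ';' on the size line is a chunk extension; skip it.
        size_field = raw[pos:eol].split(b";", 1)[0]
        # Hex digits only: int(x, 16) alone would also accept "+1f", "0x1f", "1_0".
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError(f"invalid chunk size: {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            return bytes(body)  # last chunk; any trailer fields are ignored here
        chunk = raw[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("chunk is shorter than its declared size")
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data is not followed by CRLF")
        body += chunk
        pos += size + 2

# Constructed sample body: sizes 4, 6 (with a chunk extension), 0xE, then 0.
SAMPLE = b"4\r\nWiki\r\n6;note=x\r\npedia \r\nE\r\nin \r\n\r\nchunks.\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(decode_chunked(SAMPLE))
```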

BASIC Authentication

With HTTP Basic authentication, the server returns the WWW-Authenticate header in response to a client request. When the client receives it, it displays a dialog asking for a login name and password, encodes the entered values, and requests the content again.