Types of HTTP Headers and Their Functions
HTTP headers are key-value pairs sent between a client (browser) and a server during an HTTP request or response. They help in communication, security, caching, and content handling.
1️⃣ Request Headers (Sent by the Client)
These headers are sent by the browser or client when making an HTTP request to the server.
1.1 General Request Headers
🔹 Host: Specifies the domain name of the server.
Host: www.example.com
🔹 User-Agent: Provides information about the client (browser, OS, device).
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
🔹 Referer: Tells the server the URL of the page from which the request originated.
Referer: https://google.com
🔹 Accept: Specifies the media types the client can handle.
Accept: text/html, application/json
🔹 Accept-Language: Defines the preferred languages.
Accept-Language: en-US, en;q=0.9
🔹 Accept-Encoding: Specifies the encoding formats the client supports.
Accept-Encoding: gzip, deflate, br
🔹 Authorization: Sends authentication credentials (e.g., API keys, JWT).
Authorization: Bearer <token>
1.2 Conditional Request Headers
These headers allow caching and efficient data retrieval.
🔹 If-Modified-Since: Fetches data only if modified after a given date.
If-Modified-Since: Mon, 01 Jan 2024 12:00:00 GMT
🔹 If-None-Match: Fetches data only if the ETag doesn’t match.
If-None-Match: "etag12345"
2️⃣ Response Headers (Sent by the Server)
These headers are sent by the server in response to the client’s request.
2.1 General Response Headers
🔹 Server: Provides information about the server software.
Server: Apache/2.4.41 (Ubuntu)
🔹 Date: Specifies the response date and time.
Date: Fri, 21 Feb 2025 12:34:56 GMT
🔹 Connection: Controls whether the connection stays open.
Connection: keep-alive
2.2 Content Headers
🔹 Content-Type: Specifies the type of content being sent.
Content-Type: text/html; charset=UTF-8
🔹 Content-Length: Defines the size of the response body in bytes.
Content-Length: 5120
🔹 Content-Encoding: Specifies compression applied to the response.
2.3 Caching Headers
🔹 Cache-Control: Controls caching behavior.
Cache-Control: max-age=3600, public
🔹 Expires: Defines when the content should expire.
Expires: Sat, 01 Mar 2025 12:00:00 GMT
🔹 ETag: Unique identifier for cached resources.
2.4 Security Headers
🔹 Strict-Transport-Security (HSTS): Forces HTTPS connections.
Strict-Transport-Security: max-age=31536000; includeSubDomains
🔹 Content-Security-Policy (CSP): Helps prevent cross-site scripting (XSS) by restricting the sources from which content can be loaded.
Content-Security-Policy: default-src 'self'
🔹 X-Frame-Options: Prevents clickjacking attacks.
X-Frame-Options: DENY
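🔹 X-XSS-Protection: Protects against cross-site scripting attacks by enabling the browser's built-in XSS filter. Current browsers have removed that filter, so CSP is the control to rely on.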
X-XSS-Protection: 1; mode=block
🔹 X-Content-Type-Options: Prevents MIME-type sniffing.
X-Content-Type-Options: nosniff
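An added example (not from the original article): a small Python check that parses a response header block and reports which of the security headers above are missing or weaker than the values shown. The function names, the one-year HSTS threshold, the 'unsafe-inline' check and both sample responses are assumptions of this example.

```python
import re

# Assumed policy for this example, modelled on the values shown in section 2.4.
MIN_HSTS_MAX_AGE = 31536000  # one year, as in the HSTS example above

def parse_headers(raw):
    """Parse a raw response header block into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_security_headers(headers):
    """Return findings for the section 2.4 headers, in a fixed order."""
    findings = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age too short")
    csp = headers.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing")
    elif "'unsafe-inline'" in csp:
        findings.append("CSP allows 'unsafe-inline'")
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or invalid")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings

# Constructed sample responses (not captured from any real server).
GOOD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff"""

WEAK = """HTTP/1.1 200 OK
strict-transport-security: max-age=3600
Content-Security-Policy: default-src 'self' 'unsafe-inline'
X-Frame-Options: ALLOWALL"""

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_security_headers(parse_headers(raw)))
```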
2.5 Redirect Headers
🔹 Location: Redirects the client to another URL.
Location: https://www.newsite.com
🔹 Refresh: Auto-refreshes or redirects after a specific time.
Refresh: 5; URL=https://example.com
3️⃣ Entity Headers (Metadata About the Resource)
🔹 Last-Modified: Indicates when the resource was last changed.
Last-Modified: Thu, 20 Feb 2025 15:00:00 GMT
🔹 Allow: Lists allowed HTTP methods.
Conclusion
HTTP headers are essential for communication between clients and servers. They control caching, security, content types, and user authentication, making web applications more efficient and secure. 🚀