Understanding HTTP headers and HTTP header fields
HTTP headers provide vital information required for a HTTP transaction send via http protocol.
The general HTTP header format contains colon-separated name - value pairs in the header field. Each of the name-value pair end with a carriage return (CR) and a line feed (LF) character sequence. Empty fields at the end of each header indicate the end of the header.
The common header format followed by applications looks like:
Types of HTTP headers
There are four types of HTTP message headers. They are:
- General Header
- Request Header
- Response Header
- Entity Header
General Header fields have common applicability in request and response messages. The header fields apply only to the transmitted message and do not apply on the transferred entity.
The structure of a general header looks like:
Cache-control field specifies directives that have to be followed by every caching mechanism on a request and response system.
Connection field allows the sender to specify options required for a connection. The connection header has the following format:
Date field represents the date and time during the initiation of the message. The date format specified in HTTP look like:
Pragma field helps to include implementation specific directive applicable to any recipient on a request and response system.
Trailer field value specifies whether a set of header fields in message trailer is encoded with chunk transfer-coding.
Transfer-Encoding field indicate whether any type of transformation is applied to the message body.
Upgrade field enables clients to specify additional supported communication protocols. It also enables the server to switch protocols with the additional protocols.
Via field are mandatory fields used by proxies and gateways which indicate intermediate protocols. It also indicates request recipient between user-agent and server and response between server and client.
Warning field carries additional information on message status and message transformations which are not reflected in the message.
Warning headers are usually sent with responses.
HTTP Request Header
The request header field allows clients to additionally pass request information and client information to the server.
The structure of a request header looks like:
Accept field specifies media types which are acceptable for response.
'*' is used to group media types in range
'*/*' indicate all media types
'type/*' indicate all subtypes of a type
Accept-Charset field indicates response acceptable character sets. It makes clients capable to understand special purpose character sets to signal the server to represent document in these character sets.
Accept-Encoding field is similar to Accept, restricts response acceptable content-coding.
Accept-Language field is similar to Accept, restricts preferred set of natural languages.
Authorization field is for user agents who wish to authenticate themselves with the server.
Expect field indicates server behaviors required by a client.
From field contains e-mail address of a user who controls the requesting user-agent.
Host field specifies the internet host and requested resource port number from user URI.
If-Match field is used to make conditional methods.
If-Modified-Since field is used to make a conditional method. If the requested variant is not modified within the specified time, the entity will not be returned from the server.
If-None-Match field allows efficient update of cache information with minimum transaction overhead.
If-Range field allows clients to receive part of the missing entity or otherwise clients can ask to send the entire new entity.
If-Unmodified-Since field allows the server to perform requested operation if it has not been modified since the time specified in this field.
Max Forwards field provides mechanisms with TRACE and OPTIONS methods to limit the request forwarding proxies or gateways.
Proxy Authorization field allows client to identify to secure proxy.
Range field specifies the HTTP entities in HTTP messages represented as a sequence of bytes. HTTP retrieval request requests one or more sub range of entity using GET methods.
Referrer field allows clients to specify the address URI of the resource from which Request-URI is found.
TE field indicates extension transfer-coding it can accept in the response. Additionally, it indicates whether it will accept trailer fields in chunk transfer-coding.
User-Agent field contains information about the requesting user-agent.
HTTP Response Header
The response header field allows server to pass additional information through the responses other than simple Status-Line response.
The structure of the response header looks like:
Accept-Ranges field enables servers to indicate acceptance of resource range requests.
Age field indicates sender the approximate
amount of time since server responded.
ETag field provides current value of the entity tag for a request.
Location field redirects recipients to locations other than Request-URI to complete identification of a new resource.
Proxy-Authenticate field is a mandatory inclusion for proxy authentication response.
Retry-After field is used as a response when a service is unavailable to indicate the length of period for which service will remain unavailable to the client.
Server field contains information about software used by server to handle requests.
Vary field indicates request field that determine whether a cache is eligible to use the response of a request without revalidation of the response.
WWW-Authenticate field are used when a response message is unauthorized.
HTTP Entity Header
Entity header fields define meta-information about the entity body or the requested resource. The entity header format looks like:
Allow field list the set of methods supported by Request-URI identified resources.
Content-Encoding field is used as a media-type modifier.
Content-Language field describes natural language for clients of an entity.
Content-Length field indicates the size of an entity represented in decimal number.
Content-Location field provides resource location for an entity when it is accessible from a location other than Requested-URI.
Content-MD5 field provides message integrity check (MIC) using an MD5 digest on the entity body.
Content-Range field specifies where partial body of the full entity-body should be applied.
Content-Type field indicates whether the media type of the entity body is sent to the recipient or GET method is used to send requests.
Expires field provides the date/time after which the response becomes stale.
Last Modified field indicates the date and time of last modification of the variant.
The order in which fieldname appears in header when received is insignificant. Conventionally general headers are placed first, followed by request or response header with entity header at the end.
HTTP Debugger is a proxy-less HTTP sniffer for developers that provides the ability to capture and analyze HTTP headers,
cookies, POST params, HTTP content and CORS headers from any browser or desktop application.
Very easy to use, with clean UI, and short ramp-up time.
Download FREE 7-Day Trial
HTTP Debugger Pro
- View HTTP headers
- See all in/out HTTP traffic
- Edit/resubmit HTTP sessions
- Decrypt SSL traffic
- Clean UI, very easy to use