Understanding HTTP Headers. Recently, I Decided I Needed To Refresh

The document discusses HTTP headers, which are fields that pass additional context and metadata about HTTP requests and responses. It describes common types of headers like request, response, representation, and payload headers. It also distinguishes between end-to-end and hop-by-hop headers. An example is provided showing typical headers in a request and response. Status codes are briefly explained, with 2xx codes indicating a successful request.

Uploaded by

hakan

Understanding HTTP Headers. Recently, I decided I ne... about:reader?url=https%3A%2F%2Fround-lake.dustinice.workers.dev%3A443%2Fhttps%2Ftech.jotform.com...

tech.jotform.com

Understanding HTTP Headers - Jotform Tech
Atakan Demircioğlu

6-7 minutes

Recently, I decided I needed to refresh my knowledge of HTTP headers. Here are the notes I made.

1 of 8 7/3/23, 01:36

Table of Contents:

· What are HTTP headers?
· Groups of Headers with Their Context
· End-to-end and Hop-by-hop Headers
· Example
∘ Additional Resources
∘ Resources

What Are HTTP Headers?

• An HTTP header is a field of an HTTP request or response that passes additional context and metadata about the request or response.

• Header names are case-insensitive.

• They are an integral part of HTTP communications.

Groups of Headers with Their Context

Request headers:

• These headers contain information about the resource to be fetched.

• Not all headers that can appear in a request are referred to as request headers according to the specification. For example, the Content-Type header is referred to as a representation header.

Response headers:

• These hold information about the response (like its location).

Representation headers:


• These contain information about the body of the resource, like its
MIME type, or encoding/compression applied.

• Response headers, like Age, Location, and Server, give a more detailed context about the response.

Payload headers:

• These headers contain representation-independent information about payload data, including content length and the encoding used for transport.

• They may be present in both HTTP request and response messages.

End-to-End and Hop-by-Hop Headers

For the purpose of defining the behavior of caches and non-caching proxies, HTTP headers are divided into two categories:

• End-to-end headers must be transmitted to the ultimate recipient of a request or response.

• End-to-end headers in responses must be stored as part of a cache entry and transmitted in any response formed from a cache entry.

• Hop-by-hop headers are meaningful only for a single transport-level connection and they are not stored by caches or forwarded by proxies.

The following HTTP/1.1 headers are hop-by-hop headers:

• Connection


• Keep-Alive

• Public

• Proxy-Authenticate

• Transfer-Encoding

• Upgrade

All other headers defined by HTTP/1.1 are end-to-end headers.
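
The hop-by-hop rule above, as an added example that is not part of the original post: a filter that keeps only the headers a proxy may forward or a cache may store. It goes one step beyond the fixed list by also dropping any header named in the Connection value; the function names and the X-Internal-Trace header are hypothetical, and the sample headers are constructed.

```python
# Added example: keep only end-to-end headers, as a forwarding proxy would.
# HOP_BY_HOP is the HTTP/1.1 list from this page; the function names and the
# X-Internal-Trace header are hypothetical.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "public",
    "proxy-authenticate", "transfer-encoding", "upgrade",
})

def parse_headers(raw):
    """Split 'Name: value' lines into ordered (name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a header line
            pairs.append((name.strip(), value.strip()))
    return pairs

def strip_hop_by_hop(headers):
    """Return the headers a proxy may forward or a cache may store."""
    drop = set(HOP_BY_HOP)
    # Beyond the fixed list: every token in Connection names a header that
    # is also connection-specific and must not travel further.
    for name, value in headers:
        if name.lower() == "connection":
            drop.update(t.strip().lower() for t in value.split(",") if t.strip())
    # Header names are case-insensitive, so compare in lowercase.
    return [(n, v) for n, v in headers if n.lower() not in drop]

# Constructed sample response headers as received from the upstream server.
SAMPLE = """\
Connection: Keep-Alive, X-Internal-Trace
Keep-Alive: timeout=5, max=997
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Internal-Trace: constructed-value
Server: Apache
"""

if __name__ == "__main__":
    for name, value in strip_hop_by_hop(parse_headers(SAMPLE)):
        print(f"{name}: {value}")
```

A proxy that drops Transfer-Encoding this way has to decode the body and frame it again for the next connection.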

Example

There are a lot of different HTTP headers. Here’s an example.

GET /home.html HTTP/1.1
Host: developer.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://developer.mozilla.org/testpage.html
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Mon, 18 Jul 2016 02:36:04 GMT
If-None-Match: "c561c68d0ba92bbeb8b0fff2a9199f722e3a621a"
Cache-Control: max-age=0

The first line “GET /home.html HTTP/1.1” represents the request line.

Host contains information about the site being requested, together with the optional port number (default: 80).

User-Agent contains information about the user agent originating the request.

Accept is used to specify the media types that are acceptable for the response. For example, a browser uses different values in a request when fetching a CSS stylesheet, image, video, or script.

Accept-Language is the language the response is expected to be in. Multiple languages are allowed, separated by commas. Example: Accept-Language: de-CH

Accept-Encoding is the content encoding (usually a compression algorithm) that the client can understand, such as deflate or gzip.

Referer allows the client to specify the address (URI) of the resource from which the URL has been requested.

Connection: keep-alive means that any subsequent requests to the server will use the same connection. close will automatically close the connection between the host and server, meaning that any subsequent requests will have to establish a new TCP connection.

And the response might look like this:

200 OK
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Jul 2016 16:06:00 GMT
Etag: "c561c68d0ba92bbeb8b0f612a9199f722e3a621a"
Keep-Alive: timeout=5, max=997
Last-Modified: Mon, 18 Jul 2016 02:36:04 GMT
Server: Apache
Set-Cookie: mykey=myvalue; expires=Mon, 17-Jul-2017 16:06:00 GMT; Max-Age=31449600; Path=/; secure
Transfer-Encoding: chunked
Vary: Cookie, Accept-Encoding
X-Backend-Server: developer2.webapp.scl3.mozilla.com
X-Cache-Info: not cacheable; meta data too large
X-kuma-revision: 1085259
x-frame-options: DENY

The first line is the HTTP status code. 200 means success.

Access-Control-Allow-Origin: When Site A tries to fetch content from Site B, Site B can send an Access-Control-Allow-Origin response header to tell the browser that the content of this page is accessible to certain origins. The best practice is not to use * for this header. Instead of *, list only your own servers.

Etag: This is an entity tag, used as the identifier for a specific version of the resource. If the resource at a given URL changes, a new Etag value must be generated. Comparing two Etag values can determine whether two representations of a resource are the same. For the usage please check this link.

Transfer-Encoding: This specifies the form of encoding used for the transfer. There are different values like chunked, compress, deflate and gzip. Multiple values are allowed, separated by commas. (Transfer-Encoding: gzip, chunked)

X-Frame-Options: This is used to prevent clickjacking attacks. For example, if you use the deny value, the page can't be embedded in an <iframe> on other sites. sameorigin allows embedding within the same origin.
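
The Access-Control-Allow-Origin, Etag and X-Frame-Options notes above, combined in one added example that is not part of the original post: a response builder that answers CORS from an exact-match allowlist instead of *, returns 304 when If-None-Match carries the current entity tag, and always sends X-Frame-Options: DENY. The function names, the allowlisted origins and the SHA-256 based tag are assumptions made for the illustration.

```python
import hashlib

# Hypothetical allowlist; both origins are constructed placeholders.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.test",
    "https://admin.example.test:8443",
})

def make_etag(body):
    """Entity tag derived from the bytes, so it changes when the resource does."""
    return '"' + hashlib.sha256(body).hexdigest()[:40] + '"'

def respond(request_headers, body):
    """Return (status, headers, body) for a GET of the given representation."""
    # Header names are case-insensitive, so normalize before lookup.
    req = {k.lower(): v.strip() for k, v in request_headers.items()}
    etag = make_etag(body)
    headers = {
        "ETag": etag,
        "X-Frame-Options": "DENY",  # never render this page inside a frame
        "Vary": "Origin",           # the CORS header depends on Origin
    }
    # Exact string match against the allowlist: no "*", no suffix matching.
    origin = req.get("origin")
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
    # Conditional request: compare the client's tags with the current one.
    # If-None-Match uses weak comparison, so a W/ prefix is ignored.
    sent = [t.strip().removeprefix("W/")
            for t in req.get("if-none-match", "").split(",")]
    if etag in sent or "*" in sent:
        return 304, headers, b""
    return 200, headers, body

if __name__ == "__main__":
    page = b"<h1>home</h1>"  # constructed sample body
    status, hdrs, _ = respond({"Origin": "https://app.example.test"}, page)
    print(status, hdrs)
    print(respond({"If-None-Match": hdrs["ETag"]}, page)[0])
```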

Status/Response Code:


1. 1xx: means the request was received by the server and the process needs to continue.

2. 2xx: means the request was successful.

3. 3xx: means redirection :)

4. 4xx: means the request is bad; something is wrong on the client side, not on the server.

5. 5xx: means there is a problem with the server.

Additional Resources

• Transfer-Encoding: gzip vs Content-Encoding

• HEAD vs GET Performance & Difference

Resources

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

• https://www.freesoft.org/CIE/RFC/2068/143.htm
