Some notes on HTTP headers

HTTP-Headers: Extra-Informations, which are added to HTTP-request and response messages in a client-server-communication.

Basically, HTTP-Headers are simple key-value-pairs, that are sent with request messages to a webserver or vice versa from a webserver as response messages back to a Client. Standard header fields are specified in RFC2616. Headers do add extra informations to HTTP messages to improve communication. All header fields can - of course - be faked. The syntax of a HTTP header is as followed: header_name[separated by colon][optional whitespace]field_value[CRLF]

Examples of HTTP headers

Content-length: 54124 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Content-type: image/gif

HTTP headers are classified into 4 main categories:

General headers, that carry general informations for both request and response, Request headers that are sent to the server, Response headers, that are sent from the server, and Entity Headers.

General Headers

General headers do appear in both request and response messages and provide very basic informations such as time, encoding, MIME or Caching. Some important general Headers are for Example:
Connection: close Date: Tue, 23 Jan 2002 03:11:28 GMT Cache-Control: no-cache Pragma: no-cache

Request Headers

Request headers are sent in a request message only. These informations basically try to make the server sending are better response. This header type is subdivided into 5 types: Informational headers, which handle very basic Client-Informations, accept headers, which tell servers client preferences and capabilities, conditional request headers to put restrictions on a request, security headers for client authentication and proxy headers. Some informational headers:
Host: From: Content-Length: 348 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Referer:
Some accept headers:
Accept: text/plain Accept-Charset: utf-8 Accept-Encoding: gzip, deflate
Some conditional headers:
If-Modified-Since: Sat, 12 Nov 2010 19:43:31 GMT If-Unmodified-Since: Sat, 12 Nov 2010 19:43:31 GMT
Some security headers:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Response Headers

Response headers are sent in response message from the server only, to provide the client with extra informations about the sender. These informations help clients to handle the response and make better requests in the future. This header type is subdivided into 3 subtypes: Informational headers, which provides basic Server-Informations, negotiation headers, and security headers. Some informational response headers:
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) Retry-After: 120
Some negotiation headers:
Accept-Ranges: bytes Age: 4
Some security headers:
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1 WWW-Authenticate: Basic