Basically, HTTP-Headers are simple key-value-pairs, that are sent with request messages to a webserver or vice versa from a webserver as response messages back to a Client. Standard header fields are specified in RFC2616. Headers do add extra informations to HTTP messages to improve communication. All header fields can - of course - be faked.

The syntax of a HTTP header is as followed:
header_name[separated by colon][optional whitespace]field_value[CRLF]

Examples of HTTP headers

HTTP headers are classified into 4 main categories:

General headers, that carry general informations for both request and response, Request headers that are sent to the server, Response headers, that are sent from the server, and Entity Headers.

General Headers

General headers do appear in both request and response messages and provide very basic informations such as time, encoding, MIME or Caching.

Some important general Headers are for Example:

Request Headers

Request headers are sent in a request message only. These informations basically try to make the server sending are better response.
This header type is subdivided into 5 types: Informational headers, which handle very basic Client-Informations, accept headers, which tell servers client preferences and capabilities, conditional request headers to put restrictions on a request, security headers for client authentication and proxy headers.

Some informational headers:

Some accept headers:

Some conditional headers:

Some security headers:

Response Headers

Response headers are sent in response message from the server only, to provide the client with extra informations about the sender. These informations help clients to handle the response and make better requests in the future. This header type is subdivided into 3 subtypes: Informational headers, which provides basic Server-Informations, negotiation headers, and security headers.

Some informational response headers:

Some negotiation headers:

Some security headers: