Common HTTP request headers

1.Accept

  • Accept: text/html The browser declares that it can accept a response of type text/html from the server.
  • Accept: */* indicates that the browser can handle all types.

2.Accept-Encoding

  • Accept-Encoding: gzip, deflate The browser declares which content encodings it accepts. This usually means compression: whether the browser supports it and which methods (gzip, deflate) it supports. Note that this is not character encoding.

3.Accept-Language

  • Accept-Language: zh-CN,zh;q=0.9 The browser declares the languages it accepts.

4.Connection

  • Connection: keep-alive After a web page is opened, the TCP connection used to carry HTTP data between the client and the server is not closed. If the client requests a page from the same server again, it reuses the established connection.
  • Connection: close After a request completes, the TCP connection used to carry HTTP data between the client and the server is closed. When the client sends another request, a new TCP connection has to be established.

5.Host (the header field is required when sending the request)

  • Host: www.baidu.com This request header field specifies the Internet host and port number of the requested resource, usually taken from the HTTP URL.

6.Referer

  • Referer: https://www.baidu.com/?tn=62095104_8_oem_dg When a browser sends a request to a web server, it usually includes a Referer, which tells the server which page the request was linked from, so the server can use that information in its processing.

7.User-Agent

  • User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Tells the HTTP server the name and version of the operating system and browser used by the client.

8.Cache-Control

  • Cache-Control: private The response is private by default: it can only be stored in a private cache and cannot be shared between users.
  • Cache-Control: public The response can be cached and shared among multiple users. Normally, if HTTP authentication is required, the response is automatically set to private.
  • Cache-Control: must-revalidate The response can be reused under certain conditions to satisfy subsequent requests, but the cache must first check with the server that it is still up to date.
  • Cache-Control: no-cache The response is not served from the cache; the resource is requested from the server in real time.
  • Cache-Control: max-age=10 Sets the maximum lifetime of the cached copy. The parameter is a duration (e.g., 60) rather than a specific point in time, and the unit is seconds.
  • Cache-Control: no-store Under no circumstances is the response cached or written to the client’s disk, which is why it is used for sensitive responses, for security reasons.

9.Cookie

Cookies store user information so that the server can identify the user (they are most common on websites that require a login). For example, a cookie may store a user’s user name and password: when the user logs in, a cookie is generated on the client to hold the relevant information. The cookie information is then read to verify that you are a legitimate user, after which you are allowed to view the corresponding web page. The data in a cookie is not limited to this; a lot of other information can be stored in it, such as a session ID.

10.Range (for resuming interrupted transfers)

  • Range: bytes=0-5 Specifies the positions of the first and last bytes, telling the server which part of the object the client wants to fetch.

Common HTTP response headers

1.Cache-Control (corresponding to Cache-Control in the request)

  • Cache-Control: private The response is private by default: it can only be stored in a private cache and cannot be shared between users.
  • Cache-Control: public Both the browser and the cache server can cache the page.
  • Cache-Control: must-revalidate For each request from the client, the proxy server must verify with the origin server whether the cached copy is out of date.
  • Cache-Control: no-cache Neither the browser nor the cache server should cache the page.
  • Cache-Control: max-age=10 Tells the browser that it does not need to contact the server again: the cached copy stays fresh for 10 seconds.
  • Cache-Control: no-store Neither the request nor the response should be stored on the other party’s disk.

2.Content-Type

  • Content-Type: text/html; charset=UTF-8 Tells the client the type of the resource and its character encoding. The client decodes the resource as UTF-8 and then parses it as HTML. Sites that display garbled text usually do so because the server did not return the correct encoding.

3.Content-Encoding

  • Content-Encoding: gzip Tells the client that the resource sent by the server is gzip-encoded; when the client sees this header it should decode the resource with gzip.

4.Date

  • Date: Tue, 03 Apr 2018 03:52:28 GMT The server time at which the server sent the resource. GMT is Greenwich Mean Time. Times sent in HTTP are always in GMT, mainly to avoid confusion when clients and servers in different time zones exchange resources over the Internet.

5.Server

  • Server: Tengine/1.4.6 The server software and its version; this header simply tells the client about the server.

6.Transfer-Encoding

  • Transfer-Encoding: chunked Tells the client that the server is sending the resource in chunks. Chunked resources are usually generated dynamically by the server, which does not yet know the total size when it starts sending, so it sends the resource piece by piece. Each chunk is independent and carries its own length; the last chunk has length 0, and when the client reads this zero-length chunk it knows the transfer is complete.

7.Expires

  • Expires: Sun, 1 Jan 2000 01:00:00 GMT This response header is also cache-related: it tells the client that it can use the cached copy until this time. The value can be unreliable, because the client and the server do not always have the same clock, and differing clocks cause problems. This header is therefore not as accurate as Cache-Control: max-age=*, because max-age is a relative time, which is both easier to understand and more accurate.

8.Last-Modified

  • Last-Modified: Dec, 26 Dec 2015 17:30:00 GMT The date the requested object was last modified (in the “Hypertext Transfer Protocol date” format defined in RFC 7231).

9.Connection

  • Connection: keep-alive This field answers the client’s Connection: keep-alive. It tells the client that the server is also keeping the TCP connection open and that the client can continue to send HTTP requests over it.

10.Etag

  • ETag: “737060cd8c284d8af7ad3082f209582d” A value that identifies a version of an object (such as a URL). If the object, for example an HTML file, is changed, its ETag changes as well, so the ETag serves a similar purpose to Last-Modified: it lets the web server determine whether an object has changed. For example, when an HTML file is requested, the browser obtains its ETag. When the file is requested again, the browser sends that ETag value to the web server, which compares it with the file’s current ETag and so knows whether the file has changed.

11.Refresh

  • Refresh: 5; url=http://baidu.com Used for redirection, or when a new resource has been created. The page is redirected after 5 seconds.

12.Access-Control-Allow-Origin 

  • Access-Control-Allow-Origin: * The * indicates that all websites can share the resource across origins. If this field is *, Access-Control-Allow-Credentials cannot be true.
  • Access-Control-Allow-Origin: www.baidu.com Specifies which website may share the resource across origins.

13.Access-Control-Allow-Methods

  • Access-Control-Allow-Methods: GET,POST,PUT,DELETE Specifies which methods are allowed for cross-origin access.

14.Access-Control-Allow-Credentials

  • Access-Control-Allow-Credentials: true Specifies whether cookies are allowed to be sent. By default, cookies are not included in CORS requests. Setting this field to true means the server explicitly approves cookies being included in the request and sent to the server. The only value this field can take is true; if the server does not want the browser to send cookies, it omits the field. If Access-Control-Allow-Origin is *, this field cannot be true.
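
The rule stated in items 12 and 14 (a wildcard origin cannot be combined with credentials, and the credentials field is either true or absent) can be checked on a response and enforced when building one. This is an added example, not code from the original page; `audit_cors`, `cors_headers` and the origin `https://app.example` are hypothetical names chosen for illustration.

```python
from typing import Dict, List, Optional, Set

def audit_cors(headers: Dict[str, str]) -> List[str]:
    """Return the problems found in a response's CORS headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    origin = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials")
    problems = []
    # The only valid value is the exact string "true"; otherwise omit it.
    if creds is not None and creds != "true":
        problems.append("Access-Control-Allow-Credentials must be 'true' or absent")
    # Browsers refuse a credentialed response that carries a wildcard origin.
    if creds == "true" and origin == "*":
        problems.append("wildcard origin cannot be combined with credentials")
    if creds == "true" and origin is None:
        problems.append("credentials allowed but no Access-Control-Allow-Origin")
    return problems

def cors_headers(request_origin: Optional[str], allowed: Set[str],
                 credentials: bool) -> Dict[str, str]:
    """Build CORS response headers using an exact-match origin allowlist."""
    if request_origin is None or request_origin not in allowed:
        return {}  # no CORS headers: the browser blocks the cross-origin read
    # Name the single approved origin instead of "*", and tell caches
    # that the response depends on the request's Origin header.
    out = {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    if credentials:
        out["Access-Control-Allow-Credentials"] = "true"
    return out

if __name__ == "__main__":
    # Constructed sample responses.
    print(audit_cors({"Access-Control-Allow-Origin": "*",
                      "Access-Control-Allow-Credentials": "true"}))
    print(cors_headers("https://app.example", {"https://app.example"}, True))
```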

15.Content-Range

  • Content-Range: bytes 0-5/7877 Specifies where in the entire entity this part belongs, and also gives the length of the entire entity. When the server returns a partial response to the client, it must describe the range the response covers and the length of the entire entity.
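
How a server turns the Range request header (item 10 of the request headers) into a Content-Range response header, as an added example that is not part of the original page. The function `serve_range` is hypothetical, handles a single byte range only, and uses a constructed 7877-byte resource to match the figures above.

```python
import re
from typing import Dict, Tuple

_RANGE = re.compile(r"bytes=([0-9]*)-([0-9]*)")

def serve_range(resource: bytes, range_header: str) -> Tuple[int, Dict[str, str], bytes]:
    """Answer a single-range request: returns (status, headers, body)."""
    total = len(resource)
    whole = (200, {"Content-Length": str(total)}, resource)
    m = _RANGE.fullmatch(range_header.strip())
    if not m or (m.group(1) == "" and m.group(2) == ""):
        return whole  # unparseable or multi-range: ignore the Range header
    first, last = m.group(1), m.group(2)
    if first == "":
        # Suffix form "bytes=-N": the final N bytes of the resource.
        start, end = max(total - int(last), 0), total - 1
    else:
        start = int(first)
        if last and int(last) < start:
            return whole  # last < first is an invalid range, also ignored
        # Clamp the end so an oversized request never reads past the data.
        end = min(int(last), total - 1) if last else total - 1
    if start > end or start >= total:
        # Nothing to send: 416 reports the real length so the client can retry.
        return 416, {"Content-Range": f"bytes */{total}"}, b""
    body = resource[start:end + 1]
    headers = {"Content-Range": f"bytes {start}-{end}/{total}",
               "Content-Length": str(len(body))}
    return 206, headers, body

if __name__ == "__main__":
    resource = bytes(7877)  # constructed sample: 7877 zero bytes
    status, headers, body = serve_range(resource, "bytes=0-5")
    print(status, headers["Content-Range"], len(body))
```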