First let’s look at an example HTTP request header:
You can see the request header and response header information, as well as the corresponding header fields. Let's review HTTP headers, which are divided into general headers, request headers, response headers, and entity headers.
1. HTTP general headers
General headers provide basic information about the message. They apply to any message, whether it is a request or a response. The main ones are:
Header | Description |
---|---|
Connection | Allows clients and servers to specify options related to the request/response connection |
Date | Provides a date and time stamp indicating when the message was created |
MIME-Version | Gives the MIME version used by the sender |
Trailer | If the message uses chunked encoding, lists the set of headers in the trailer part of the message, stating in advance which header fields are recorded after the message body |
Transfer-Encoding | Specifies the encoding applied to the message body, so that the receiver knows how the body was encoded |
Upgrade | Indicates the new version or protocol that the sender may want to upgrade to |
Via | Shows the intermediate nodes (proxies and gateways) through which the message passed |
Cache-Control | Carries directives that control the caching mechanism |
Pragma | Another way to pass directives along with the message, not specific to caching |
2. HTTP request headers
Request headers are meaningful only in request messages. They indicate who or what is sending the request and what the client prefers, so that the server can try to give the client a better response based on the information supplied with the request.
Informational request headers
Header | Description |
---|---|
Client-IP | Provides the IP address of the client's machine |
From | Provides the email address of the client user |
Referer | Provides the URL of the document that contains the currently requested URL |
UA-Color | Provides information about the display color capabilities of the client display |
UA-CPU | Gives the type or manufacturer of the client CPU |
UA-Disp | Provides information about the capabilities of the client's display (screen) |
UA-OS | Provides the name and version of the operating system on the client machine |
UA-Pixels | Provides pixel information for the client display |
User-Agent | Tells the server the name of the application that initiated the request |
Accept headers
The Accept headers give the client a way to communicate its preferences and capabilities to the server, so that the server can send the most appropriate content based on this additional information.
Header | Description |
---|---|
Accept | Tells the server which media types can be sent |
Accept-Charset | Tells the server which character sets can be sent |
Accept-Encoding | Tells the server which encodings can be sent |
Accept-Language | Tells the server which languages can be sent |
TE | Tells the server which extension transfer encodings can be used |
Conditional request headers
Sometimes we want to put restrictions on requests. For example, a client that already has a document may ask the server to transfer the document only if the copy on the server is different from the copy owned by the client.
Header | Description |
---|---|
Expect | Allows a client to list the server behaviors it requires for a request |
If-Match | Retrieves the document if the entity tag matches the document's current entity tag |
If-Modified-Since | Restricts the request unless the resource has been modified after the specified date |
If-None-Match | Retrieves the document if the provided entity tag does not match the entity tag of the current document |
If-Range | Allows a conditional request for a range of a document |
If-Unmodified-Since | Restricts the request unless the resource has not been modified after the specified date |
Range | Requests the specified range of the resource, if the server supports range requests |
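The conditional headers in the table above, evaluated the way a server might, as an added example that is not part of the original page. The function name `evaluate_conditional`, the sample ETag and the sample date are assumptions of the example; it covers If-Match, If-Unmodified-Since, If-None-Match and If-Modified-Since.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def _tags(value):
    # Comma-separated entity tags; sufficient for tags without embedded commas.
    return [t.strip() for t in value.split(",") if t.strip()]

def _opaque(tag):
    # Drop the weak-validator prefix so W/"x" and "x" compare equal (weak comparison).
    return tag[2:] if tag.startswith("W/") else tag

def _date(value):
    # An unparsable HTTP-date voids the condition instead of failing the request.
    try:
        dt = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def evaluate_conditional(method, headers, etag, last_modified):
    """Status code for a request, given the resource's current ETag and Last-Modified."""
    h = {k.lower(): v for k, v in headers.items()}
    safe = method in ("GET", "HEAD")
    # Preconditions guarding a change: 412 if the client's copy is stale.
    if "if-match" in h:
        tags = _tags(h["if-match"])
        strong = not etag.startswith("W/")   # If-Match needs a strong match
        if "*" not in tags and not (strong and etag in tags):
            return 412
    elif "if-unmodified-since" in h:
        since = _date(h["if-unmodified-since"])
        if since is not None and last_modified > since:
            return 412
    # Cache validators: If-None-Match wins over If-Modified-Since when both are sent.
    if "if-none-match" in h:
        tags = [_opaque(t) for t in _tags(h["if-none-match"])]
        if "*" in tags or _opaque(etag) in tags:
            return 304 if safe else 412
    elif "if-modified-since" in h and safe:
        since = _date(h["if-modified-since"])
        if since is not None and last_modified <= since:
            return 304
    return 200

# Constructed sample resource state.
ETAG = '"v2"'
MODIFIED = datetime(2022, 1, 1, tzinfo=timezone.utc)
```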
Security request headers
HTTP itself supports a simple mechanism called challenge/response authentication. This mechanism makes transactions a little safer by requiring the client to authenticate itself before it can access a particular resource.
Header | Description |
---|---|
Authorization | Contains data that the client provides to the server to authenticate itself |
Cookie | Used by the client to send a token to the server; it is not really a security header, but it does have security implications |
Cookie2 | Indicates the cookie version supported by the requester |
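The challenge/response exchange described above, with both sides shown for the Basic scheme, as an added example that is not part of the original page. The realm, the account, the salt and the function names `client_authorization` and `handle` are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac

REALM = "example"            # assumed realm name
SALT = b"constructed-salt"   # constructed; use a random per-user salt in practice

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)

USERS = {"alice": _hash("correct horse")}   # constructed account

def client_authorization(user, password):
    """Client side: build the Authorization value that answers a Basic challenge."""
    # Base64 is an encoding, not encryption: this header needs TLS underneath it.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def handle(headers):
    """Server side: return (status, response_headers) for a protected resource."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    scheme, _, param = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not param:
        return 401, challenge        # no usable credentials: send the challenge
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 400, {}               # malformed credentials
    user, sep, password = decoded.partition(":")
    if not sep:
        return 400, {}
    # Hash even for unknown users and compare in constant time, so the response
    # time does not reveal which user names exist.
    expected = USERS.get(user, bytes(32))
    ok = hmac.compare_digest(_hash(password), expected) and user in USERS
    return (200, {}) if ok else (401, challenge)
```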
Proxy request headers
Header | Description |
---|---|
Max-Forwards | The maximum number of times a request may be forwarded to another proxy or gateway on the path to the server; used with the TRACE method |
Proxy-Authorization | The same as the Authorization header, but used for authentication with a proxy |
Proxy-Connection | The same as the Connection header, but used when establishing a connection with a proxy |
3. HTTP response headers
Response headers give the client additional information, such as who is sending the response and the capabilities of the responder, which helps the client process the response better and make better requests in the future.
Informational response headers
Header | Description |
---|---|
Age | How old the response is (since its initial creation) |
Public | List of request methods supported by the server for its resources |
Retry-After | If the resource is not available, the date or time at which to try again |
Server | The name and version of the server application |
Warning | A warning message more detailed than the reason phrase |
Response negotiation headers
Header | Description |
---|---|
Accept-Ranges | The type of ranges the server accepts for this resource |
Vary | A list of other headers the server looks at that may cause the response to vary; in other words, the server selects the most suitable version of the resource based on the contents of these headers and sends it to the client |
Security response headers
Header | Description |
---|---|
Proxy-Authenticate | A list of challenges for the client from the proxy |
Set-Cookie | Sets a token on the client side that the server can use to identify the client |
Set-Cookie2 | Similar to Set-Cookie |
WWW-Authenticate | A list of challenges for the client from the server |
4. HTTP entity headers
Entity headers describe the entity part of request and response messages. They provide a wealth of information about the entity and its contents, from information about the object type to the valid request methods that can be used on the resource.
Entity informational headers
Header | Description |
---|---|
Allow | Lists the request methods that can be performed on this entity |
Location | Tells the client where the entity is actually located; used to direct the receiver to the URL of the resource |
Entity content headers
These headers provide information about the entity's content, including its type, size, and other information needed to process it.
Header | Description |
---|---|
Content-Base | The base URL to use when resolving relative URLs in the body |
Content-Encoding | Any encoding that was performed on the body |
Content-Language | The natural language best suited to understanding the body |
Content-Length | The length or size of the body |
Content-Location | The actual location of the resource |
Content-MD5 | The MD5 checksum of the body |
Content-Range | The range of bytes that this entity represents within the entire resource |
Content-Type | The type of object that this body is |
Entity caching headers
These headers say when and how entities are cached.
Header | Description |
---|---|
ETag | The entity tag associated with this entity |
Expires | The date and time at which this entity is no longer valid and must be retrieved from the original source again |
Last-Modified | The date and time this entity was last modified |