Headers in HTTP Requests

Host

The Host request header specifies the host and port number of the server to which the request is being sent. If no port is included, the default port for the service requested is implied (e.g., 443 for an HTTPS URL, and 80 for an HTTP URL).

Host: medium.com

User-Agent

The User-Agent request header is a characteristic string that lets servers identify the application, operating system, vendor, and/or version of the requesting client.

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Using the User-Agent header, web-servers can collect general information about the requesting client and serve them accordingly.

Accept-Language

The Accept-Language header conveys the default language settings for a user. If a web-server supports different language versions for a web-page, it can redirect the client based on this header.

Accept-Language:en-GB,en-US;q=0.9,en;q=0.8

It can carry multiple languages, separated by commas. The first one is the preferred language, and each other listed language can carry a q value, which is an estimate of the user's preference for the language on a scale of 0 to 1.

Accept-Encoding

The Accept-Encoding header indicates the content encoding (usually a compression algorithm) that the client can understand.

Accept-Encoding: gzip, deflate, br, zstd

Most modern browsers support gzip and will send this in the header. The web server then can send the HTML output in a compressed format. This can reduce the size by up to 80% to save bandwidth and time.

If-Modified-Since

The If-Modified-Since request HTTP header makes the request conditional: the server sends back the requested resource, with a 200 status, only if it has been last modified after the given date. If the resource has not been modified since, the response is a 304 without any body.

If-Modified-Since: Sat, 28 Sep 2024 03:21:52 GMT

Cookie

The Cookie header sends the cookies stored in your browser for that domain.

Cookie: PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1

These are name=value pairs separated by semicolons. Cookies can also contain the session id.

Referer

The Referer header allows a server to identify referring pages that people are visiting from or where requested resources are being used. This data can be used for analytics, logging, optimised caching, and more.

Referer: <url>

Authorization

The HTTP Authorization request header can be used to provide credentials that authenticate a client with a server, allowing access to protected resources.

When a web page asks for authorization, the browser opens a login window. When you enter a username and password in this window, the browser sends another HTTP request, but this time it contains this header.

// Bearer 
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

// Basic
Authorization: Basic base64(username:password)

// API Key
Authorization: ApiKey your-api-key