HTTP Header

[Updated: Jun 7, 2017, Created: Mar 31, 2017]


An HTTP header is optional meta-information about the message being sent. This information might also contain specific details about the sender.

Both request and response messages can have headers.

An HTTP header consists of multiple name-value pairs. Each name and value are separated by a colon (:).
Each pair is written on a separate line.


Following is a typical request header example when sent from a browser:
connection:keep-alive
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp ....
user-agent:Mozilla/5.0 (Windows NT 6.3; WOW64) ...
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8

Following is a typical response header example when sent from a server:
Content-Length:492
Content-Type:text/html;charset=ISO-8859-1
Date:Wed, 17 Feb 2016 19:57:04 GMT
Server:Apache-Coyote/1.1
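
The name-value format described above can be parsed strictly, as in the following added example (not code from the original page; the function name parseHeaders and the sample input are constructed for illustration). It splits each line on the first colon only, treats names as case-insensitive, and rejects lines that are not valid header fields instead of guessing what they mean.

```javascript
// Added example: strict parser for a block of "name:value" header lines.
// Characters allowed in a header field name (the RFC 7230 "token" rule).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function parseHeaders(block) {
  const headers = new Map(); // lower-cased name -> array of values
  const rejected = [];       // lines that are not valid header fields
  for (const line of block.split(/\r?\n/)) {
    if (line === "") continue;
    const idx = line.indexOf(":"); // split on the FIRST colon only
    const name = idx === -1 ? "" : line.slice(0, idx);
    // No colon, empty name, or whitespace/illegal characters in the name.
    // RFC 7230 requires servers to reject whitespace before the colon.
    if (!TOKEN.test(name)) {
      rejected.push(line);
      continue;
    }
    const value = line.slice(idx + 1).trim(); // optional whitespace around value
    const key = name.toLowerCase();           // field names are case-insensitive
    if (!headers.has(key)) headers.set(key, []);
    headers.get(key).push(value);             // keep repeated fields visible
  }
  return { headers, rejected };
}

// Constructed sample: the response header shown above plus two malformed lines.
const sampleBlock = [
  "Content-Length:492",
  "Content-Type:text/html;charset=ISO-8859-1",
  "Date:Wed, 17 Feb 2016 19:57:04 GMT",
  "Server:Apache-Coyote/1.1",
  "connection=keep-alive", // '=' instead of ':'
  "Content-Length : 10",   // whitespace between name and colon
].join("\r\n");

const parsed = parseHeaders(sampleBlock);
console.log(parsed.headers.get("date"));
console.log(parsed.rejected);
```
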

Commonly used standard request Headers

Accept

Media types that a client can accept.
Example: Accept: text/html

Accept-Charset

Character sets that are acceptable.
Example: Accept-Charset: utf-8

Accept-Encoding

List of acceptable encodings (converting message into a coded form).
Example: Accept-Encoding: gzip, deflate

Accept-Language

Set of natural languages that are preferred as a response to the request.
Example: Accept-Language: en-US,en;q=0.8

Connection

The Connection header field allows the sender to specify options that are desired for that particular connection. When we make a request with "Connection: keep-alive", subsequent requests to the server will use the same TCP connection. This is called an HTTP persistent connection. The default connection timeout of Apache httpd 2.2 and above is five seconds. "Connection: close" indicates that once the request has been made the server needs to close the connection, so for each request a new TCP connection will be established.
Example: Connection: keep-alive

User-Agent

This contains tokens that provide specific details about the system and browser/application making the request.
Example: User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) ... Chrome/48.0.2564.109 ...

From

The email address of the user making the request.
Example: From: user@example.com

Authorization

Authentication credentials for HTTP authentication
Example: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

If-Modified-Since

If the requested variant has not been modified since the time specified in this field, an entity will not be returned from the server; instead, a 304 (not modified) response will be returned without any message-body.
Example: If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT


Commonly used standard response Headers

Cache-Control

This header indicates whether the resource may be cached by the browser. Some of the values are "no-cache", "max-age=<number of seconds>", "no-store", "must-revalidate", "only-if-cached".
Example: Cache-Control: max-age=3600

Content-Encoding

The type of encoding used on the body data.
Example: Content-Encoding: gzip

Content-Length

The length of the response body in octets (8-bit bytes).
Example: Content-Length: 348

Content-Type

The MIME type of the body data.
Example: Content-Type:text/html;charset=ISO-8859-1

Content-Location

It can be used to supply the resource location for the entity enclosed in the message when it is accessible from an alternate location separate from the requested resource's URI. It can also be used when a requested resource has multiple representations available, e.g. multiple languages.
Example: Content-Location: /data.json

Date

The date and time when the message was sent.
Example: Date:Wed, 17 Feb 2016 19:57:04 GMT

Last-Modified

The last modified date for the requested resource.
Example: Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT

Location

Used in redirection, or when a new resource has been created.
Example: Location: http://www.example.com/newPage.html

Pragma

It may contain implementation-specific fields. For example, 'no-cache' is used by HTTP/1.0 implementations to prevent caching on the client.
Example: Pragma: no-cache

Retry-After

If an entity is temporarily unavailable, this directive tells the client to try again later.
Example: Retry-After: 120, also: Retry-After: Fri, 07 Nov 2014 23:59:59 GMT

Server

A name for the server along with other details
Example: Server:Apache-Coyote/1.1

Set-Cookie

The Set-Cookie header is sent by the server to create a cookie on the user's system.
Example: Set-Cookie: UserID=joe; last-visited=2016-02-14

Allow

The Allow header field lists the set of methods supported by the resource identified by the Request-URI.
Example: Allow: GET, HEAD

WWW-Authenticate

If an HTTP request lacks credentials, the server can reply with 401 (Unauthorized) status code and the WWW-Authenticate header field.

The WWW-Authenticate header field indicates the authentication scheme(s) and parameters applicable to the target resource.
Example: WWW-Authenticate: Basic realm="Some value"

The realm value is used to group resources. All pages within this group will share the same authentication credentials.
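
How a server might process the Authorization and WWW-Authenticate headers described above for the Basic scheme, as an added example (not code from the original page; the function names and the check callback are hypothetical, and header names are assumed to arrive lower-cased as in Node.js). It shows that the Basic value is only the Base64 encoding of user:password, so it is readable by anyone who sees the header unless the connection uses HTTPS.

```javascript
// Added example: Basic authentication challenge/response on the server side.
function parseBasicAuthorization(headerValue) {
  if (typeof headerValue !== "string") return null;
  // The scheme name is case-insensitive and is followed by a Base64 token.
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue.trim());
  if (!m) return null;
  // Base64 is an encoding, not encryption: decoding needs no key.
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // user cannot contain ':', the password can
  if (sep === -1) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Build the 401 reply that asks the client for credentials.
function challenge(realm) {
  // realm is a quoted string: escape backslash and double quote.
  const quoted = realm.replace(/[\\"]/g, "\\$&");
  return { status: 401, headers: { "WWW-Authenticate": `Basic realm="${quoted}"` } };
}

// check(user, password) is a caller-supplied verifier (hypothetical); a real
// one compares against a stored password hash, never a plaintext list.
function authenticate(requestHeaders, realm, check) {
  const creds = parseBasicAuthorization(requestHeaders["authorization"]);
  if (!creds || !check(creds.user, creds.password)) return challenge(realm);
  return { status: 200, user: creds.user };
}

// Constructed demo using the Authorization example value from this page.
const demoCheck = (user, password) => user === "Aladdin" && password === "open sesame";
console.log(authenticate(
  { authorization: "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" }, "Some value", demoCheck));
console.log(authenticate({}, "Some value", demoCheck)); // no credentials -> 401
```
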


Sending Custom Headers in HTTP request

An HTTP request can also include custom headers.

That's not possible using an HTML hyperlink or through form submission.

We can use Ajax's XMLHttpRequest object to set custom headers.

xmlhttp.setRequestHeader("myCustomHeader", headerValue);

Or we can also use JQuery:

$.ajax({
    // ... other settings
    beforeSend: function (xhr) {
        // set the custom header just before the request is sent
        xhr.setRequestHeader("myCustomHeader", headerValue);
    }
    // ...
});

Or using any http client API. For example in Java we can use java.net.HttpURLConnection to send standard or custom headers like this:

URL obj = new URL(theUrl);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
//adding header
con.setRequestProperty("myCustomHeader", headerValue);

