HTTP Request and Response objects consist of a body and headers. While the body holds the data message (HTML, JSON) in the Response or the form fields in the Request, the headers let the client and the server pass essential information about each other.
Headers can be grouped into four categories by their context:
- General headers contain information that is relevant for both request and Response, but no information about the data in a body
- Request headers hold information about the client and requested resource
- Response headers include server details, like time, location, configuration
- Entity headers inform the browser about the type and body of the resource
Let’s inspect them in more detail. Go to the webpage www.example.com, open the console > Network tab, and select the document to inspect its headers. You will likely see the headers divided into General, Request, and Response.
The first group, General, consists of the following information:
Request URL: https://www.example.com
The address of the Request and Response
Request Method: GET
A method that is used for the operation, like GET, POST, PUT or DELETE
Status Code: 200 OK
One of the most critical pieces of information: it tells the status of the request/response. The code number says what happened and whether the operation succeeded or failed. Status codes are grouped:
1xx - Informational; the request is being processed
2xx - Success; received, accepted, created
3xx - Redirect; actions needed, moved to a new location
4xx - Client Error; bad request, unauthorized or not found
5xx - Server Error; server failed to fulfill the request, internal server error
Remote Address: 188.8.131.52:80
The IP address of the server
The next group, Request Headers, includes the following properties:
Informs the server which data types can be accepted and describes the content format. For example:
audio/ogg indicates an audio file
image/png - an image file
text/html - HTML file
application/json - data in the JSON format
Accept-Encoding: gzip, deflate
An algorithm, such as compression, that is used on the resource sent back.
Hints the server about the expected language
Controls how long the connection should stay open
The domain name of the server
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
Lets the server identify the characteristics of the application, OS, vendor, and versions
Some important and common Request Header properties were not included in the request to example.com, but they should be mentioned:
Contains a stored piece of information previously sent by the server. For example: Cookie: name=value; name2=value2; name3=value3
Authorization: 'type' 'credentials'
Includes credentials to authenticate a user with a server. The two most used types are Basic, for base64-encoded credentials, and Bearer for access tokens.
Contains the address of the previous page, from which the user was linked to the current page
The last group, Response Headers, includes:
Time in seconds that the object has been in the proxy cache
Sets the instructions for caching. Other setting types: no-cache, no-store, no-transform
Specifies the compression algorithm used for the response body
The size of the resource in bytes
Content-Type: text/html; charset=UTF-8
The resource type received. The current type is an HTML document.
Date: Sun, 12 Apr 2020 16:49:25 GMT
The time when the message was created
Expires: Sun, 19 Apr 2020 16:49:25 GMT
Sets the date when the relevant content will no longer be new/fresh
Server: ECS (nyb/1D2C)
Specifies the software used by the server at the time of the sent Response
It means that the response was sent not from the origin servers, but from an exclusive network (CDN) designed to cache content, so the user could get the Response faster
Sends cookies from the server to the user agent. May include other cookie settings, such as expiration date, max-age, domain, security. For example: Set-Cookie: id=qwerty123; Expires=Wed, 13 Apr 2020 07:00:00 GMT
The Request and Response headers carry and define transaction information about the user agent, server and data. The headers in this example are the more common ones; there are many more. The complete list can be found here.
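To see how the pieces above fit together on the wire, here is an added example (not code from the original article) that parses a raw response, maps the status code to its group, and checks a Set-Cookie value for the security attributes it lacks. The sample response is constructed from header values shown in this article; the function names are hypothetical, and Secure, HttpOnly and SameSite are standard cookie attributes that the article only refers to as "security".

```python
# Constructed sample: a response assembled from header values shown in the article.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Date: Sun, 12 Apr 2020 16:49:25 GMT\r\n"
    "Expires: Sun, 19 Apr 2020 16:49:25 GMT\r\n"
    "Server: ECS (nyb/1D2C)\r\n"
    "Set-Cookie: id=qwerty123; Expires=Wed, 13 Apr 2020 07:00:00 GMT\r\n"
    "\r\n"
    "<html>...</html>"
)

STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirect",
                  4: "Client Error", 5: "Server Error"}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")  # a blank line ends the headers
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)  # version, code, optional reason phrase
    headers = []  # list of pairs, because a header such as Set-Cookie may repeat
    for line in header_lines:
        name, sep, value = line.partition(":")  # only the first colon separates
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))  # names: any case
    return int(parts[1]), headers, body


def status_class(code):
    """Map a status code to the group it belongs to (1xx to 5xx)."""
    return STATUS_CLASSES.get(code // 100, "Unknown")


def missing_cookie_flags(set_cookie_value):
    """Return the security attributes absent from one Set-Cookie value."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}  # skip name=value
    return [flag for flag in ("Secure", "HttpOnly", "SameSite")
            if flag.lower() not in attrs]


if __name__ == "__main__":
    code, headers, _body = parse_response(SAMPLE_RESPONSE)
    print(code, status_class(code))
    for name, value in headers:
        if name == "set-cookie":
            print("cookie is missing:", missing_cookie_flags(value))
```

The cookie from the article's example carries only an Expires attribute, so all three security attributes are reported as missing.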