The HTTP headers are used to pass additional information between the clients and the server through the request and response header. All the headers are case-insensitive, headers fields are separated by colon, key-value pairs in clear-text string format. The end of the header section denoted by an empty field header. There are a few header fields that can contain the comments. And a few headers can contain quality(q) key-value pairs that separated by an equal sign.
There are four kinds of headers context-wise:
General Header: This type of headers applied on Request and Response headers both but with out affecting the database body.
Request Header: This type of headers contains information about the fetched request by the client.
Response Header: This type of headers contains the location of the source that has been requested by the client.
Entity Header: This type of headers contains the information about the body of the resources like MIME type, Content-length.
Headers can also be categorized according to how proxies handle them:
It is a response header gives access to a resource file by defining an authorization method. It allows the proxy server to transmit the request further by authenticating it.
The last modified response header is a header sent by the server specifying the date of the last modification of the requested source. This is the formal definition of Last-Modified of HTTP headers
ETag
It is a response-type header used as an identifier for a specific version of a resource.
If-Match
It is a request-type header. It is used to make the request conditional.
It is a request-type header. Generally, it is used to update the entity tags on the server. Firstly, the Client provides the Server with a set of entity tags (E-tags).
If-Modified-Since
It is a request-type header. This header is used make the request conditional plus expects the entity to be transmitted, if it has been modified after the specified date.
If-Unmodified-Since
It is a request-type header. This header is used make the request conditional plus expects the entity to be transmitted, if it has been unmodified after the specified date.
Vary
It is response-type header. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.
It is a request type header. The Accept header is used to inform the server by the client that which content type is understandable by the client expressed as MIME-types.
It is a response-type header. It is usually a comparison algorithm of request header. All the HTTP client used to tell the server which encoding or encoding it supports.
It is a request type header. It is used to indicate specific behaviors or expectations that the server needs to fulfill in order to respond to the client. Generally, Expect: 100-continue is the only expectation defined for the header field.
It is a response header and used to send cookies from the server to the user agent. So the user agent can send them back to the server later so the server can detect the user.
Cookie2
It is a request type header. A cookie2 used in the requests sent by the user to the server.
It is response type header and it is obsoleted. It is a provider of the mechanism to serve and retrieve state information from the client to the server.
It is a Response header. The Access-Control-Allow-Credentials header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”.
Access-Control-Allow-Headers
It is a response header that is used to expose the headers that have been mentioned in it. By default 6 response headers are already exposed which are known as CORS-safelisted response headers.
Access-Control-Allow-Methods
It is a response-type header that specifies the method or methods allowed when accessing the resource.
Access-Control-Expose-Headers
It is a response-type header that indicates which headers can be exposed.
It is a response header that gives the time for which results of a CORS preflight request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, can be cached.
Access-Control-Request-Headers
It is a request type header, it lets the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Method
It is a request type header, it lets the server know which HTTP method will be used when the actual request is made.
It is a response HTTP header that indicates the security contexts that initiates an HTTP request without indicating the path information.
Timing-Allow-Origin
It is a response type header. It specify origins that are allowed to see values of attributes retrieved via features of the Resource Timing API.
Do Not Track
Header
Description
DNT
It is a request type header. It lets users indicate whether they would prefer privacy rather than personalized content.
TK
It is a response type header, it indicates the tracking status.
Downloads
Header
Description
Content-Disposition
It is a response type header for the body. It lets users indicate resource transmitted should be displayed inline or should be download and present a “Save As” dialog.
It is a response type header. It is used to indicate the size of entity-body in decimal no of octets i.e. bytes and sent it to the recipient. It is a forbidden header name.
It is a entity type header. It is used to indicate the media type of the resource. The media type is a string sent along with the file indicating the format of the file.
It is an entity type header that gives another location for the data that is returned and also tells how to access the resource by indicating the direct URL.
Proxies
Header
Description
Forwarded
It is a request-type header. It is used to store client-facing side of proxy servers that is lost when a proxy is involved in the path of the request.
It is a request type header and is an alternative and de-facto standard version of the Forwarded header which is used when a client connects to a web server through an HTTP proxy or load balancer for identifying the original IP address.
X-Forwarded-Host
It is a request-type header. It is used to identify the original host requested by the client in the Host HTTP request header.
It is an request-type header. It is used to identifying the protocol that the client used to connect with a proxy or load balancer. It can be HTTP or HTTPS.
It is a response header that is used under 2 circumstances to ask a browser to redirect a URL (status code 3xx) or provide information about the location of a newly created resource (status code of 201).
Request context
Header
Description
From
It is a request-type header that is used to contains an Internet email address for a human user who controls the requesting user agent.
It is a request-type header. It is use to represent the domain name of the server. It may also represent the Transmission Control Protocol (TCP) port number which the server uses.
Referrer
It is a request type header. This is use to hold the previous page link where this new page come, that the back button of the browsers can work.
Referrer-Policy
It is a response type header. It is used to define how much referrer information should be included with the requests.
It is a request header that allows a characteristic string that allows network protocol peers to identify the Operating System and Browser of the web-server.
It is the response-type header also the part of the ranges system. This header act as a marker that is used by the server to supports the partial request of the clients.
It is request-type header that is used to get part of a document from the server. If the server returns the part of the document, it uses the 206 (Partial Content) status code.
If-Range
It is a request type header. This is use to make a range request conditional.
It is a response type header. That is a web security policy mechanism that helps protect websites from malicious activities and informs user agents and web browsers how to handle its connection through a response header.
It is a response type header. It acts as a marker that indicates the MIME-types headers in the content types headers should not be changed to the server.
It is a response header. It is used to prevent the site from click jacking attacks. It defines whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.
It is a response-type header that performs as the hop-by-hop header, the hop-by-hop header connection is the single transport-level connection must not be re-transmitted.
TE
It is request-type header that is used to specify the transfer encodings the user agent is willing to accept.
It is a response header that indicates the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding.
WebSockets
Header
Description
Sec-WebSocket-Accept
It is response-type headers category. This used by the server to intimate the client that it understood it was a WebSocket connection and it is ready to open connection.
Other headers
Header
Description
Alt-Svc
It is use to reach the website in a alternate way.
It is a general-type header used to pass additional information with HTTP response or HTTP request.
Large-Allocation
It is a response-type header that informs supported browsers (currently only Firefox) about the needs of a memory that allows them to make sure that the large-allocation succeeds and also start a new process using some unfragmented memory.
Link
It is entity-type header used to serializing one or more links in HTTP headers.
It is response-type header used to pass additional information with HTTP request or response. HTTP Retry-After header is an HTTP response header which indicates how long to wait before making another request.
It is a response-type header. This header is used to communicate between two or more metrics and descriptions for a given request-response cycle from the user agent.
SourceMap
It is a response-type header used to map original source from the transformed source. For example, the JavaScript resources are transformed to some other source from its original by the browsers at the time of execution.
X-DNS-Prefetch-Control
It is response-type header that is used to controls the DNS prefetching.
Ent-to-End headers: This type of headers should be transmitted to the final recipient of the message so the server can make a request to the clients and the client can respond to that requests. The intermediate proxies must retransmit these headers as unmodified.
Hop-by-Hop headers: This type of headers only works for the single transport-level connection. This kind of harder should not be retransmitted by the proxies or cached.