What are HTTP Headers?

HTTP headers allow clients to pass additional information to the server and the server to pass additional information about the response to the client. For example, using Content-Type: application/json, the server tells the HTTP client that it has returned JSON.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It was created in the early 1990s. Almost everything you see in your browser is transferred to your computer or mobile phone over the HTTP protocol. For example, when you open a web page from a website, your browser has made about 15-30 HTTP requests to the server and received HTTP responses for each request.

What is HTTP Header?

Each HTTP request and response consists of HTTP headers and an HTTP body. HTTP header fields are passed after the request line (or response line). Each HTTP header consists of its case-insensitive name, followed by a colon (:), and then the header value. The header fields consist of a case-insensitive name followed by a colon (':') and then its value. Spaces before the name and value are ignored. Header fields are separated by a carriage return (CR) and line feed (LF) characters (for example, Host: reqbin.com).

The information that is sent in HTTP headers may include information about the type and size of data in the request body, compression methods supported by the client and server, the languages that the client can display, and the source of the request. The server uses HTTP headers to send size and data type information in the response body, compression method used, caching directives, and cross-origin resource sharing restrictions (CORS headers).

HTTP headers can be grouped by context:

  • Request headers that contain information about the client who is requesting the resource and information about the requested resource itself.
  • Response headers contain additional information about the server, such as its type name or server.
  • Presentation headers contain information about the message body that the client sends to the server or the server returns to the client, such as its MIME type and size, as well as the encoding or compression.

HTTP Request Headers Example

Below is an example of the HTTP headers that the browser sends to the server when you make a request to the ReqBin echo URL.

HTTP Request Headers Example Run Request
GET /echo/post/json HTTP/1.1
Host: reqbin.com
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate

An HTTP request message has 3 parts.

  • Request line
  • Request Headers
  • Request body

The first line of the HTTP request is called the request line and consists of 3 parts:

  • HTTP Method - Indicates what kind of request it is. The most common methods are HTTP GET, POST, and HEAD.
  • The Request Path - is the part of the URL that comes after the host name. For home pages, the request path is /.
  • HTTP protocol part - contains the HTTP string followed by the protocol version.

The request line is followed by one or more lines with HTTP headers in the form of Name: Value pairs. They HTTP headers contain various information about the HTTP request and your browser. The header lines are followed by a portion of the request body, separated from the header lines by two pairs of CR (carriage return) and LF (line feed) symbols.

HTTP Response Headers Example

Below is an example server response to our HTTP request:

HTTP Response Headers Example
HTTP/1.1 200 OK
Content-Length: 19
Content-Type: application/json

{"success":"true"}

The first line of the HTTP response is called the status line. It is HTTP/1.1 or HTTP/2, followed by a status code and a short message. For example, HTTP/1.1 200 OK means that the server has successfully responded to our request. The status line is followed by one or more lines with HTTP headers in the form of Name: Value pairs, as for an HTTP request.

Size limits for HTTP headers

The HTTP standard does not impose restrictions on the size of each name or the value of the header field, or the number of fields. However, most servers, clients, and proxies impose certain restrictions for practical and security reasons. For example, the Apache server, by default, limits the size of each field to 8 kilobytes, and in one request, there can be no more than 100 header fields.

Custom HTTP Headers

Custom header fields were usually prefixed with a X- field name, but this convention was deprecated in June 2012 due to the inconvenience caused by custom fields becoming standard.

Custom HTTP Header Example
X-Forwarded-For: 39.40.130.50

See also