When a browser requests a resource from a server, it uses HTTP. This request includes a set of key-value pairs giving informations like the version of the browser or what file format it understands. There key-value pairs are called request headers.
The server answers with the requested resource but also sends response headers giving information on the resource or the server itself.
Below are the most important request headers:
- Host: The domain. The only required header.
- User-Agent: Name + version of your browser and OS.
- Referer: Website that linked or included the resource.
- Authorization: A password or API token
Authorization: Basic xyz(base64 encoded user: password)
- Cookie: Send cookies the server sent earlier and keeps you logged in.
- Range: Let’s you continue downloads (“get bytes 100-200”)
Cache-Control: “max-age=60” means cached responses must be less than 60 seconds old.
If-Modified-since: Only send if resource was modified after this time.
If-Modified-Since: Sun, 21 Sep...
- If-None-Match: Only sent if the ETag doesn’t match those listed.
- Accept: MIME type you want the response to be.
- Accept-Encoding: Set this to “gzip” and you’ll probably get a compressed response.
- Accept-Language: Set this to “fr-CA” and you might get a response in French.
Content-Type: MIME type of request body, e.g. “application/json”
Content-Encoding: Will be “gzip” if the request body is gzipped.
Connection: “close” of “keep-alive” Whether to keep the TCP connection open.