HTTP Header

TL;DR: Headers are the short notes attached to an HTTP message. They do not usually contain the main content, but they often explain why the message behaves the way it does.

An HTTP header is a named field attached to a request or response. If the URL tells you what resource is involved and the body carries the actual content, headers tell you how to interpret that content and what rules apply to it.

Why Headers Matter So Much

When something in HTTP feels surprising, the explanation is often in the headers:

  • a cache served stale content because Cache-Control or ETag allowed it
  • a request failed because Authorization or Cookie was missing
  • a browser blocked behavior because of Content-Security-Policy or Permissions-Policy
  • a client parsed the body differently because Content-Type was wrong

That is why experienced developers open the headers view in DevTools before they read the response body.

Request Headers vs Response Headers

Request headers tell the server about the client and the request context.

Common examples:

  • Accept: what formats the client can handle
  • Authorization: credentials or tokens
  • Cookie: state the browser is sending back
  • Origin: which site initiated the request

Response headers tell the client how to handle what came back.

Common examples:

  • Content-Type: what kind of body this is
  • Cache-Control: whether it can be cached
  • Set-Cookie: store state for later requests
  • Location: where to go next after a redirect or creation response

A Quick Example

GET /api/profile HTTP/1.1
Host: app.example.com
Accept: application/json
Authorization: Bearer token123

The request above says:

  • send the /api/profile resource
  • return JSON if possible
  • treat me as the user represented by this token

And the server might respond like this:

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: private, max-age=60

Now the client knows both what the payload is and how long it can safely reuse it.
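
The request and response above, parsed in Python as an added example (not code from the original page): it splits each message into start line, headers and body, then applies a conservative review check that a response to a request carrying Authorization or Cookie is marked private or no-store. The function names, the JSON body and the policy behind the check are assumptions made for illustration.

```python
# Constructed messages mirroring the page's example; the JSON body is made up.
REQUEST = (
    "GET /api/profile HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "Accept: application/json\r\n"
    "Authorization: Bearer token123\r\n"
    "\r\n"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Cache-Control: private, max-age=60\r\n"
    "\r\n"
    '{"name": "example"}'
)


def parse_message(raw):
    """Split a raw HTTP/1.1 message into (start_line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive, so normalise them for lookup.
        headers.setdefault(name.lower(), []).append(value.strip())
    return start_line, headers, body


def cache_directives(headers):
    """Return Cache-Control directives as a dict, e.g. {'max-age': '60'}."""
    directives = {}
    for value in headers.get("cache-control", []):
        for part in value.split(","):
            key, _, arg = part.strip().partition("=")
            if key:
                directives[key.lower()] = arg.strip('"') or None
    return directives


def shared_cache_risk(request_headers, response_headers):
    """True if the request carried credentials and the response lacks private/no-store."""
    credentialed = "authorization" in request_headers or "cookie" in request_headers
    d = cache_directives(response_headers)
    restricted = "private" in d or "no-store" in d
    return credentialed and not restricted
```

For the pair above the check returns False, because the response is marked private; the same response with only max-age=60 would be flagged.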

The Practical Mental Model

A useful shorthand is:

  • method = what you want to do
  • URL = what you want to do it to
  • headers = the rules and context
  • body = the actual data

That model is simple, but it is good enough to debug a surprising amount of HTTP behavior.

Related terms: HTTP Request, HTTP Response, HTTP Cookie

Frequently Asked Questions

What is an HTTP header?

HTTP headers are key-value pairs that carry metadata about requests and responses. They control caching, authentication, content type, and many other aspects of HTTP.

What are common request headers?

Common request headers include Host, User-Agent, Accept, Authorization, Cookie, and Content-Type. They tell the server about the client and request.

What are common response headers?

Common response headers include Content-Type, Content-Length, Cache-Control, Set-Cookie, and Location. They describe the response and control client behavior.

Can I create custom headers?

Yes, but use them carefully. Custom headers are useful for application-specific metadata, though some intermediaries or browser security rules may limit how they are sent.
