HTTP Header - secuguru/security-terms GitHub Wiki

HTTP headers are an essential part of the communication between a client (like a web browser) and a server when making HTTP requests and receiving responses. They provide additional metadata about the request or response, helping the server understand how to process the request or return the appropriate response. These headers include information such as the method being used, the format of data that can be accepted, details about the connection, and more.

Here’s an explanation of HTTP headers with the key elements you provided:

Request Line:

The first line of an HTTP request typically includes three important elements:

  1. Verb (or Method): This defines the action the client wants to perform. Common HTTP verbs include:
  • GET: Request data from the server.
  • POST: Submit data to the server.
  • PUT: Update a resource on the server.
  • DELETE: Remove a resource from the server.

  1. Path: This is the path to the resource on the server the client wants to access. For example, /index.html could refer to the homepage of the website.

  2. HTTP Version: This specifies the version of the HTTP protocol the client is using (e.g., HTTP/1.1 or HTTP/2). The version affects how the request and response are structured and processed.

Key HTTP Headers:

  1. Domain:
  • Specifies the domain (or host) where the request is being made, such as www.example.com. This tells the server which website the client wants to communicate with, especially important when multiple websites are hosted on the same server. Example:
Host: www.example.com
  1. Accept:
  • Indicates the MIME types that the client can accept in response. The server will send data in one of the formats specified by the client, if possible. Example:
Accept: text/html, application/json
  1. Accept-Language:
  • Specifies the preferred languages of the client. The server can return content in one of these languages if available. Example:
Accept-Language: en-US, en;q=0.9, fr;q=0.8
  1. Accept-Charset:
  • Indicates the character sets the client can handle. This helps the server choose the correct encoding for text data, such as UTF-8. Example:
Accept-Charset: utf-8, iso-8859-1;q=0.7
  1. Accept-Encoding:
  • Specifies the compression types (like gzip or deflate) the client can handle. This allows the server to compress the response, reducing the amount of data sent and speeding up the transmission. Example:
Accept-Encoding: gzip, deflate
  1. Connection:
  • Defines whether the connection between the client and server should be kept open for further requests (keep-alive) or closed immediately after the current request (close). Example:
Connection: keep-alive
  1. Referrer (or Referer):
  • Indicates the URL of the page that referred the client to the current resource. This can help the server understand where the request originated from. Example:
Referer: https://www.google.com/search?q=example
  1. Return Address (User-Agent):
  • The User-Agent header provides information about the client’s device, operating system, and browser. This helps the server optimize the response for the client’s specific setup. Example:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
  1. Expected Size (Content-Length):
  • The Content-Length header is included in requests or responses that contain a body (like when uploading a file or sending form data). It specifies the size of the content in bytes. Example:
Content-Length: 348

Example of an HTTP Request:

GET /index.html HTTP/1.1
Host: www.example.com
Accept: text/html, application/xhtml+xml
Accept-Language: en-US, en;q=0.9
Accept-Charset: utf-8
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)

In this example:

  • The verb is GET, which means the client is requesting data from the server.
  • The path is /index.html, indicating the specific file being requested.
  • The HTTP version is HTTP/1.1.
  • Various headers specify details like accepted content types, preferred language, compression types, and information about the client’s setup.

Summary:

  • HTTP headers provide metadata about requests and responses, helping clients and servers communicate efficiently.
  • Headers like Accept, Connection, and User-Agent define how data should be formatted, handled, and which types of content are preferred by the client.
  • Verb, path, and HTTP version form the backbone of the HTTP request, specifying the action, the resource, and the protocol version to use.