Request headers are key information sent by the client to the server when making a request, used to convey metadata about the request. Common request headers include: Host (target domain name or IP), User-Agent (information about the client and the browser used for access), Content-Length (length of the request data), Cookie (cookie information carried in the request), Authorization (handles user authentication), Accept-Encoding and Accept-Language (involved in content negotiation and internationalization), Cache-Control and If-Modified-Since (important for performance optimization), etc.
1. Basic Fields
Host
Meaning: The domain name and port number of the target server.
Usage: This field is required in HTTP/1.1 to distinguish between multiple virtual hosts on the same IP.
Example: Host: www.example.com:8080
User-Agent
Meaning: The type, version, and operating system information of the client (browser, application, etc.).
Usage: The server can return appropriate content based on this field (e.g., mobile or PC pages).
Example: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/91.0.4472.124
Accept
Meaning: The types of response content (MIME types) that the client can accept.
Usage: Content negotiation (e.g., prioritizing JSON or XML).
Example: Accept: text/html, application/json
Accept-Encoding
Meaning: The compression algorithms supported by the client (e.g., gzip, deflate).
Usage: The server can choose to compress the response to save bandwidth.
Example: Accept-Encoding: gzip, deflate, br
Accept-Language
Meaning: The natural languages preferred by the client (e.g., Chinese, English).
Usage: The server returns the page in the corresponding language.
Example: Accept-Language: zh-CN, en-US;q=0.9
2. Request Control
Connection
Meaning: Controls whether to keep the connection alive (HTTP Keep-Alive).
Example:
Keep connection: Connection: keep-alive
Close connection: Connection: close
Cache-Control
Meaning: Controls caching behavior (e.g., whether to cache, cache duration).
Example:
No caching: Cache-Control: no-cache
Maximum cache time: Cache-Control: max-age=3600
If-Modified-Since
Meaning: The last modification time of the copy the client already holds; the server compares it with the resource's current modification time to decide whether to return new content.
Usage: Reduces duplicate transmission (if not modified, returns 304 Not Modified).
Example: If-Modified-Since: Fri, 21 Oct 2022 07:28:00 GMT
3. Authentication and Session
Authorization
Meaning: Carries authentication credentials (e.g., Bearer Token, Basic authentication).
Example:
Basic authentication: Authorization: Basic base64(username:password)
JWT: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9…
Cookie
Meaning: Session information stored by the client (set by the server through the Set-Cookie response header).
Example: Cookie: sessionId=abc123; theme=dark
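What the two Authorization forms above expose to anyone who can read the header, as an added Python example (not code from the original article): Basic credentials are Base64-encoded, not encrypted, and a JWT's header and claims decode the same way. The credentials, payload and signature are constructed sample values, and inspect_authorization is a hypothetical helper name.

```python
import base64
import binascii
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments use URL-safe Base64 with the "=" padding stripped.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_authorization(value: str) -> dict:
    """Return what any party that sees the header can read from it."""
    scheme, _, credentials = value.strip().partition(" ")
    scheme, credentials = scheme.lower(), credentials.strip()
    try:
        if scheme == "basic":
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
            if ":" not in decoded:
                raise ValueError("missing ':' separator")
            # The password may itself contain ':'; split on the first one only.
            user, _, password = decoded.partition(":")
            return {"scheme": "basic", "username": user, "password": password}
        if scheme == "bearer":
            parts = credentials.split(".")
            if len(parts) != 3:
                # Opaque bearer token: nothing to decode.
                return {"scheme": "bearer", "jwt": False}
            header = json.loads(_b64url_decode(parts[0]))
            claims = json.loads(_b64url_decode(parts[1]))
            return {"scheme": "bearer", "jwt": True, "header": header, "claims": claims}
    except (binascii.Error, UnicodeDecodeError, ValueError) as exc:
        return {"scheme": scheme, "error": str(exc)}
    return {"scheme": scheme, "error": "unsupported scheme"}


# Constructed sample values (not real credentials).
BASIC = "Basic " + base64.b64encode(b"alice:s3cr:et").decode()
# Header segment as shown in the article; payload and signature are constructed.
_PAYLOAD = base64.urlsafe_b64encode(b'{"sub":"alice"}').decode().rstrip("=")
BEARER = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + _PAYLOAD + ".c2lnbmF0dXJl"

if __name__ == "__main__":
    print(inspect_authorization(BASIC))
    print(inspect_authorization(BEARER))
```

Because both forms are readable without any key, these headers belong only on HTTPS connections and should be masked in access logs.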
4. Request Body Related
Content-Type
Meaning: The data type of the request body (only for requests carrying a body like POST/PUT).
Example:
JSON data: Content-Type: application/json
Form submission: Content-Type: application/x-www-form-urlencoded
Content-Length
Meaning: The byte length of the request body.
Example: Content-Length: 348
Content-Encoding
Meaning: The compression algorithm used for the request body (e.g., client-compressed data).
Example: Content-Encoding: gzip
5. Cross-Domain and Security
Origin
Meaning: The domain name of the request origin (used for CORS cross-domain requests).
Example: Origin: https://www.example.com
Referer
Meaning: The URL of the page that initiated the current request.
Usage: Hotlink protection (anti-leeching), statistical analysis.
Example: Referer: https://www.example.com/home
Upgrade-Insecure-Requests
Meaning: The client wishes to automatically upgrade HTTP resources to HTTPS (secure requests).
Example: Upgrade-Insecure-Requests: 1
6. Other Common Fields
Range
Meaning: Requests partial content (used for resuming downloads or segmented downloads).
Example: Range: bytes=0-499 (requesting the first 500 bytes).
DNT (Do Not Track)
Meaning: The client requests not to track user behavior (privacy protection).
Example: DNT: 1
HTTP request headers help clients and servers interact efficiently, conveying contextual information (such as authentication, caching, content preferences, etc.). In actual development, it is necessary to choose appropriate header fields based on the scenario, for example:
Cache optimization: Cache-Control, If-Modified-Since
Cross-domain requests: Origin, Access-Control-Request-Headers
Data compression: Accept-Encoding
Security authentication: Authorization, Cookie
# POST request example
POST /api/data HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 ...
Content-Type: application/json
Content-Length: 16

{"key": "value"}
# GET request example
GET /page.html HTTP/1.1
Host: www.example.com
Accept: text/html
Referer: https://www.referrer.com
Cookie: session_id=abc123
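An added Python example (not from the original article) that checks a raw HTTP/1.1 request against two rules described above: Host present exactly once, and Content-Length equal to the body's byte length. The sample requests are constructed, check_request is a hypothetical helper name, and chunked bodies are assumed not to occur.

```python
def check_request(raw: bytes) -> list:
    """Return the problems found in one raw HTTP/1.1 request (empty list = OK)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no blank line between headers and body"]
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ["malformed request line: " + repr(lines[0])]
    problems, headers = [], {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # A field name is followed directly by ':' with no surrounding whitespace.
        if not colon or not name or name != name.strip():
            problems.append("malformed header line: " + repr(line))
            continue
        headers.setdefault(name.lower(), []).append(value.strip())
    # Host is required in HTTP/1.1 and must not be repeated.
    hosts = headers.get("host", [])
    if parts[2] == "HTTP/1.1" and len(hosts) != 1:
        problems.append(f"expected exactly one Host header, found {len(hosts)}")
    # Content-Length must be one decimal value equal to the body's byte length.
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        problems.append("conflicting Content-Length values")
    elif lengths:
        declared = lengths.pop()
        if not (declared.isascii() and declared.isdigit()):
            problems.append("Content-Length is not a decimal number: " + repr(declared))
        elif int(declared) != len(body):
            problems.append(f"Content-Length {declared} but body is {len(body)} bytes")
    elif body:
        problems.append("body present without Content-Length")
    return problems


# Constructed sample requests (not captured traffic).
BODY = b'{"key": "value"}'  # 16 bytes
GOOD_POST = (b"POST /api/data HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Content-Type: application/json\r\nContent-Length: 16\r\n\r\n" + BODY)
BAD_POST = (b"POST /api/data HTTP/1.1\r\n"
            b"Content-Type: application/json\r\nContent-Length: 34\r\n\r\n" + BODY)
GET = (b"GET /page.html HTTP/1.1\r\nHost: www.example.com\r\n"
       b"Accept: text/html\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("good POST", GOOD_POST), ("bad POST", BAD_POST), ("GET", GET)]:
        print(name, check_request(req))
```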