Web HTTP
An HTTP header is optional meta-information about the message being sent.
This information might also contain specific details about the sender.
Both request and response messages can have headers.
An HTTP Header consists of multiple name-value pairs.
Each name and value are separated by a colon :
Each pair is written in a separate line.
Following is a typical request header example when sent from a browser:
connection:keep-alive
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp ....
user-agent:Mozilla/5.0 (Windows NT 6.3; WOW64) ...
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
Following is a typical response header example when sent from a server:
Content-Length:492
Content-Type:text/html;charset=ISO-8859-1
Date:Wed, 17 Feb 2016 19:57:04 GMT
Server:Apache-Coyote/1.1
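As an added example (not code from the original page), the following JavaScript parses a header block of the form described above: it splits each line on the first colon only, because values such as the Date field contain colons themselves, treats names as case-insensitive, and rejects lines that do not have the name:value shape. The names parseHeaders and SAMPLE_RESPONSE are assumptions made for this illustration.

```javascript
// Added example: parse a raw HTTP header block into a Map keyed by
// lower-cased field name. Not code from the original page.
const FIELD_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // RFC 7230 "token"

function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    if (line === "") break;                  // blank line ends the header block
    const idx = line.indexOf(":");           // split on the FIRST colon only
    if (idx <= 0) {
      throw new Error("malformed header line: " + JSON.stringify(line));
    }
    const name = line.slice(0, idx);
    // No whitespace is allowed between the name and the colon; parsers that
    // disagree about such lines can end up reading different headers.
    if (!FIELD_NAME.test(name)) {
      throw new Error("invalid header name: " + JSON.stringify(name));
    }
    const key = name.toLowerCase();          // field names are case-insensitive
    const value = line.slice(idx + 1).trim();
    if (key === "set-cookie") {
      // Set-Cookie values contain commas, so repeats are kept as a list.
      headers.set(key, [...(headers.get(key) || []), value]);
    } else if (headers.has(key)) {
      // Other repeated fields are equivalent to one comma-separated field.
      headers.set(key, headers.get(key) + ", " + value);
    } else {
      headers.set(key, value);
    }
  }
  return headers;
}

// Constructed sample, copied from the response header shown above.
const SAMPLE_RESPONSE = [
  "Content-Length:492",
  "Content-Type:text/html;charset=ISO-8859-1",
  "Date:Wed, 17 Feb 2016 19:57:04 GMT",
  "Server:Apache-Coyote/1.1",
].join("\r\n");
```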
Commonly used standard request Headers
Accept
Media types that a client can accept. Example: Accept: text/html
Accept-Charset
Character sets that are acceptable. Example: Accept-Charset: utf-8
Accept-Encoding
List of acceptable encodings (converting message into a coded form). Example: Accept-Encoding: gzip, deflate
Accept-Language
Set of natural languages that are preferred as a response to the request. Example: Accept-Language: en-US,en;q=0.8
Connection
The Connection header field allows the sender to specify options that are desired for that particular connection.
When we make requests with "Connection: keep-alive" the subsequent request to the server will use the same TCP
connection. This is called HTTP persistent connection. The default connection timeout of Apache httpd 2.2 and above
is five seconds.
"Connection: close" indicates that once the request has been made the server needs to close the connection. And so
for each request a new TCP connection will be established. Example: Connection: keep-alive
User-Agent
This contains tokens that provide specific details about the system and browser/application making the request. Example: User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) ... Chrome/48.0.2564.109 ...
From
The email address of the user making the request. Example: From: user@example.com
Authorization
Authentication credentials for HTTP authentication Example: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
If-Modified-Since
If the requested variant has not been modified since the time specified in this field, an entity will not be
returned from the server; instead, a 304 (not modified) response will be returned without any message-body. Example: If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
Commonly used standard response Headers
Cache-Control
This header indicates whether the resource may be cached by the browser. Some of the values are "no-cache",
"max-age=<number of seconds>", "no-store", "must-revalidate", "only-if-cached". Example: Cache-Control: max-age=3600
Content-Encoding
The type of encoding used on the body data. Example: Content-Encoding: gzip
Content-Length
The length of the response body in octets (8-bit bytes). Example: Content-Length: 348
Content-Type
The MIME type of the body data. Example: Content-Type:text/html;charset=ISO-8859-1
Content-Location
It can be used to supply the resource location for the entity enclosed in the message when it is accessible from
an alternate location separate from the requested resource's URI. It can also be used when a requested resource has
multiple representations available, e.g. multiple languages. Example: Content-Location: /data.json
Date
The date and time when the message was sent. Example: Date:Wed, 17 Feb 2016 19:57:04 GMT
Last-Modified
The last modified date for the requested resource. Example: Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
Location
Used in redirection, or when a new resource has been created. Example: Location: http://www.example.com/newPage.html
Pragma
It may contain implementation-specific fields. For example, 'no-cache' is used by HTTP/1.0 implementations to prevent
caching on the client. Example: Pragma: no-cache
Retry-After
If an entity is temporarily unavailable, this directive tells the client to try again later. Example: Retry-After: 120, also: Retry-After: Fri, 07 Nov 2014 23:59:59 GMT
Server
A name for the server along with other details. Example: Server:Apache-Coyote/1.1
Set-Cookie
The Set-Cookie header is sent by the server to create a cookie on the user's system. Example: Set-Cookie: UserID=joe; last-visited=2016-02-14
Allow
The Allow header field lists the set of methods supported by the resource identified by the Request-URI. Example: Allow: GET, HEAD
WWW-Authenticate
If an HTTP request lacks credentials, the server can reply with a 401 (Unauthorized) status code and the
WWW-Authenticate header field.
The WWW-Authenticate header field indicates the authentication scheme(s) and parameters applicable to the target resource.
Example: WWW-Authenticate: Basic realm="Some value"
Here the realm value is used to group the resources. All pages within this group will share
the same authentication credentials.
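The WWW-Authenticate challenge above and the Authorization header listed among the request headers form one exchange; the following added example (not code from the original page) implements both sides in JavaScript and shows that the Basic value is only base64-encoded, so anyone who can read the header recovers the password, which is why Basic authentication needs TLS underneath. The function names are assumptions made for this illustration, and Node's global Buffer is assumed for base64.

```javascript
// Added example: the Basic challenge/response pair. Not from the original page.

// Server -> client: parse a challenge such as  Basic realm="Some value"
function parseChallenge(value) {
  const m = /^([!#$%&'*+\-.^_`|~0-9A-Za-z]+)\s+(.*)$/.exec(value.trim());
  if (!m) throw new Error("malformed challenge");
  const params = {};
  // Each parameter is name="quoted string" or name=token.
  const re = /([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/g;
  let p;
  while ((p = re.exec(m[2])) !== null) {
    const quoted = p[2] !== undefined;
    params[p[1].toLowerCase()] = quoted ? p[2].replace(/\\(.)/g, "$1") : p[3];
  }
  return { scheme: m[1].toLowerCase(), params };
}

// Client -> server: build the Authorization value for a user and password.
function basicCredentials(user, password) {
  // The first ':' separates user from password, so the user may not hold one.
  if (user.includes(":")) throw new Error("user must not contain ':'");
  const encoded = Buffer.from(user + ":" + password, "utf8").toString("base64");
  return "Basic " + encoded;
}

// Anyone holding the header value can reverse it: base64 is not encryption.
function decodeBasic(headerValue) {
  const m = /^Basic\s+([A-Za-z0-9+\/]+=*)$/i.exec(headerValue.trim());
  if (!m) throw new Error("not a Basic credential");
  const text = Buffer.from(m[1], "base64").toString("utf8");
  const idx = text.indexOf(":");
  if (idx < 0) throw new Error("missing ':' separator");
  // Split on the first ':' only; the password itself may contain colons.
  return { user: text.slice(0, idx), password: text.slice(idx + 1) };
}
```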
Sending Custom Headers in HTTP request
An HTTP request can also include custom headers.
That's not possible using an HTML hyperlink or through form submission.
We can use Ajax's XMLHttpRequest object to set custom headers:
xmlhttp.setRequestHeader("myCustomHeader", headerValue);
Or we can also use jQuery:
$.ajax({
    ....
    beforeSend: function(xhr){
        xhr.setRequestHeader("myCustomHeader", headerValue);
    }
    ..
});
Or using any HTTP client API. For example, in Java we can use java.net.HttpURLConnection to
send standard or custom headers like this:
import java.net.HttpURLConnection;
import java.net.URL;

URL obj = new URL(theUrl);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
// adding header
con.setRequestProperty("myCustomHeader", headerValue);
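In all three snippets above headerValue is a variable, so when it can come from outside the program it should be checked before it reaches the HTTP client. The following added example (not code from the original page) does that check in JavaScript; checkedHeader and the two constants are hypothetical names, and the set of browser-controlled names is a subset chosen for illustration.

```javascript
// Added example: validate a custom header before passing it to
// setRequestHeader or another HTTP client. Not from the original page.
const HEADER_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // RFC 7230 "token"

// Subset of the header names that browsers do not let script set.
const BROWSER_CONTROLLED = new Set([
  "host", "content-length", "cookie", "connection",
  "origin", "referer", "transfer-encoding",
]);

function checkedHeader(name, value) {
  if (!HEADER_NAME.test(name)) {
    throw new Error("invalid header name: " + JSON.stringify(name));
  }
  const lower = name.toLowerCase();
  if (BROWSER_CONTROLLED.has(lower) ||
      lower.startsWith("sec-") || lower.startsWith("proxy-")) {
    throw new Error("header is controlled by the client: " + name);
  }
  const text = String(value);
  // CR, LF and NUL would end the field early, so the value could add lines
  // of its own to the message. Refuse them rather than trying to strip them.
  if (/[\r\n\0]/.test(text)) {
    throw new Error("control character in value of " + name);
  }
  // Leading and trailing spaces or tabs carry no meaning in a field value.
  return [name, text.trim()];
}

// Intended use with the page's own call:
//   xmlhttp.setRequestHeader(...checkedHeader("myCustomHeader", headerValue));
```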