Vaidikalaya
Privious Next

HTTP Headers

HTTP headers are key-value pairs sent between the client (browser) and server during an HTTP request or response. They carry metadata about the request or response.

Types of HTTP Headers
  1. Request Headers (sent by the client to the server)
  2. Response Headers (sent by the server to the client)
Request Headers

Request headers are key-value pairs sent by the client (browser or app) to the server when making an HTTP request. They carry metadata about the request, such as the browser type, authentication, content type, and more.

Common Request Headers
  1. Host: The domain name (e.g., vaidikalaya.com)
  2. User-Agent: Info about the browser/app making the request
  3. Accept: Tells the server what content type is expected (application/json, text/html, etc.)
  4. Authorization: Sends credentials (e.g., Bearer token or Basic auth)
  5. Content-Type: The format of the data being sent (application/json, form-data)
  6. Cookie: Sends cookies to the server

Example in Javascript

Example
fetch('https://api.example.com/user', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer abc123xyz',
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  }
});

Note
Request headers are automatically added by browsers or can be manually set in custom requests (e.g., using fetch, Axios, Postman).

Headers Added Automatically by the Browser: Host, User-Agent, Accept, Accept-Language, Connection, Origin, Cookie.

Headers Not Added Automatically by the Browser: Authorization (Bearer tokens, API keys), Custom Headers (X-CSRF-TOKEN, X-Requested-With), Content-Type

Response Headers

Response headers are key-value pairs sent by the server back to the client (browser, Postman, etc.) along with the response content. They provide information about the response and how the client should handle it.

Common Response Headers
  1. Content-Type: Describes the type of data returned (e.g., text/html, application/json)
  2. Content-Length: Size of the response body in bytes
  3. Set-Cookie: Sends cookies to be stored on the client
  4. Cache-Control: Controls caching behavior (no-cache, max-age, etc.)
  5. ETag: Used for cache validation (efficient content reloading)
  6. Location: Used for redirection (e.g., Location: /login)
  7. Access-Control-Allow-Origin: CORS header: specifies who can access this resource
  8. Expires: Expiration date of the cached response
  9. Last-Modified: Date when resource was last changed
  10. X-RateLimit-Limit/Remaining: Used in APIs to indicate request rate limits
  11. Content-Encoding: Indicates compression (e.g., gzip)

Example
Example
HTTP/1.1 200 OK
  Date: Tue, 26 Mar 2025 12:45:00 GMT
  Content-Type: application/json
  Content-Length: 84
  Connection: keep-alive
  Cache-Control: no-cache
  Access-Control-Allow-Origin: *
  Server: nginx/1.18.0
  X-Powered-By: PHP/8.2.2

HTTP Ports

When your browser connects to a website, it uses a port number along with the IP address to reach the correct service on the server.

Default Http Ports

There are some default ports that browsers use if you don’t explicitly provide a port in the URL.

(browser, Postman, etc.) along with the response content. They provide information about the response and how the client should handle it.

  • 80 (HTTP): Default port for unsecured web traffic (http://)
  • 443 (HTTPS): Default port for secure web traffic using SSL/TLS (https://)

Example
Example
  • http://example.com → uses port 80 internally
  • https://example.com → uses port 443 internally
  • http://localhost:8000 → uses port 8000 (custom)y

Other Common Ports in Web Development:
  • 3000: Default port for React/Node.js
  • 8000: Default port for Laravel or Python (Django/Flask)
  • 8080: Alternative HTTP port, often used when 80 is blocked
  • 3306: MySQL database server (not HTTP, but used in backend)
  • 5432: PostgreSQL database server
  • 27017: MongoDB server

Privious Next