Headers are :
- properties (textual name-value pairs, ie both name and value are text)
- located in the head of:
The HTTP headers are equivalent to fields in other protocols that have the same basic meaning. For example, the HTTP authentication headers are equivalent to the authentication aspects of the FTP protocol.
The name of a header field is not case-sensitive. Multiple values can be assigned to the same name.
RFC 2616 defines a wide range of header fields for handling various aspects of the HTTP protocol.
Other specifications, like RFC 2617 and RFC 2965, define additional headers. Some of the defined headers are for general use, others are meant for exclusive use with either requests or responses, still others are meant for use only with an entity.
Any headers beginning with X- are custom headers, and are not included in the HTTP spec.
- Devtool network tab such as firefox
You can set header of request via the web server (http server).
Example with apache: Apache - HTTP Header (mod_header module)
The html meta http-equiv can be used to set the header of HTML document retrieved with HTTP.
- with a csp header
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
- or expiration
<META http-equiv="Expires" content="Tue, 20 Aug 1996 14:25:27 GMT">