About
Headers are:
- properties (textual name-value pairs, i.e. both name and value are text)
- located in the head of:
  - an HTTP request that the client sends
  - an HTTP response that the server sends
The HTTP headers are equivalent to fields in other protocols that have the same basic meaning. For example, the HTTP authentication headers are equivalent to the authentication aspects of the FTP protocol.
The name of a header field is not case-sensitive. Multiple values can be assigned to the same name.
RFC 2616 defines a wide range of header fields for handling various aspects of the HTTP protocol.
Other specifications, like RFC 2617 and RFC 2965, define additional headers. Some of the defined headers are for general use, others are meant for exclusive use with either requests or responses, still others are meant for use only with an entity.
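Because header names are case-insensitive and a name can carry several values, any check that reads headers should normalise names and keep every value. The following is an added example, not code from the original page: the sample response head is constructed, and the function names (`parse_head`, `get_all`, `custom_headers`, `missing`) are hypothetical.

```python
from collections import defaultdict

# Constructed sample response head (not captured traffic).
SAMPLE_HEAD = (
    b"HTTP/1.1 200 OK\r\n"
    b"content-type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: a=1; HttpOnly\r\n"
    b"SET-COOKIE: b=2; Secure\r\n"
    b"X-Request-Id: 42\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"\r\n"
)

def parse_head(raw: bytes):
    """Return (start_line, headers); headers maps lowercased name -> list of values."""
    # The head ends at the first empty line; the body (if any) is ignored.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    start_line, *lines = head.split("\r\n")
    headers = defaultdict(list)
    for line in lines:
        # Strictness choice of this example: refuse folded (continuation) lines
        # rather than guess which header they belong to.
        if line[:1] in (" ", "\t"):
            raise ValueError("folded header line rejected")
        name, sep, value = line.partition(":")
        # A line without a colon, or with whitespace around the name, is malformed.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Lowercasing the name makes lookups case-insensitive;
        # appending keeps every value assigned to the same name.
        headers[name.lower()].append(value.strip())
    return start_line, dict(headers)

def get_all(headers, name):
    """All values for a header, whatever case the caller or the sender used."""
    return headers.get(name.lower(), [])

def custom_headers(headers):
    """Names starting with X-, i.e. custom headers outside the HTTP spec."""
    return sorted(n for n in headers if n.startswith("x-"))

def missing(headers, required):
    """Required header names that are absent from the parsed head."""
    return [n for n in required if not get_all(headers, n)]
```

A lookup that compared names case-sensitively would see only one of the two `Set-Cookie` lines in the sample and would not find `content-type` at all.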
Type
X header
Any headers beginning with X- are custom headers, and are not included in the HTTP spec.
Management
Tool
- The network tab of the browser devtools, such as Firefox's
- https://redbot.org/ - to analyse and get a description of your headers.
List
See:
Set
Setting a header depends heavily on the technology used. You can set it:
- at the web server level, via its configuration or modules
- at the HTTP request and HTTP response level (i.e. in your app code)
- on a proxy
Web Server
You can set the header of a request via the web server (HTTP server).
Example with Apache: Apache - HTTP Header (mod_header module)
HTML
The HTML meta http-equiv attribute can be used to set a header of an HTML document retrieved with HTTP.
Example:
- with a CSP header
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
- or expiration
<META http-equiv="Expires" content="Tue, 20 Aug 1996 14:25:27 GMT">
See Reference