HTTP stands for Hyper Text Transfer Protocol. It is the core protocol of the World Wide Web. HTTP headers are the main part of the HTTP request/response and they carry information about the client browser, requested page, server and more.
HTTP Request Structure
GET / HTTP/1.1
Cookie: __utma=11735858.1643881083.1401311271.1401825126.1404160307.8; __utmc=11735858; __utmz=11735858.1404160307.8.8.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); GCSCE_DCD9EFD368BB71597C3C679D792904852E5955FE_S3=C=108380595987-4e427srhd9jr0lsnohleutb2ilbuof70.apps.googleusercontent.com:S=47744a8988253424301945f9b3745a2ead572c61.ksUwtTC_fFCwtR_S.4bb2:I=1404945498:X=1405031898
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
The first line of the HTTP request is called the request line which contains 3 things:
- Method – GET/POST/PUT/DELETE/HEAD
- Path – path of the URL after the host
- Protocol – HTTP and version 1.1
The remainder of the request contains HTTP headers with “name:value” pairs on each line.
HTTP request methods:
- GET : retrieve a document
- POST : send data to server. Even though you can send data to the server using GET and the query string, in many cases POST will be preferable. Sending large amounts of data using GET is not practical and has limitations.
- HEAD : Retrieve header info. With this method, the browser checks if the doc is modified (for caching purposes) or whether the doc exists or not
- PUT : store the entity body at a specified url location (present in the request)
- DELETE : delete the file at a specified url location.
HTTP request headers:
- Host : Domain-name that the browser is currently looking at
- User-agent : Browser name and version; OS name and version
- Accept-language : Default language setting for the user
- Accept-encoding : Most browsers support compression encoding techniques like gzip.
- If-modified-since : Browser sends this header so that if the doc is not modified the server returns 304 (Not modified) and the browser gets the doc from its cache
- Cookie : Sends cookies stored in your browser for that particular domain. Cookies are client-side whereas Sessions are server-side. I will detail it out in another post
- Referer : the URL which referred this URL (e.g. if you come from Google, the referrer is google.com). The header name is spelled "Referer" on the wire.
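The request structure described above (request line, then "name:value" header lines), as an added example that is not part of the original post: a small parser that splits the request line, stores header names case-insensitively, and rejects inputs a server should not guess about, such as whitespace before the colon or a missing or repeated Host header. The function names, hostname and cookie values are constructed for illustration.

```python
# Added example: parse a raw HTTP/1.1 request head (request line + headers).
METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD"}  # the methods listed on this page

def parse_request(raw: bytes):
    """Return (method, path, protocol, headers); raise ValueError if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: METHOD PATH PROTOCOL")
    method, path, protocol = parts
    if method not in METHODS:
        raise ValueError(f"unexpected method {method!r}")
    if not protocol.startswith("HTTP/"):
        raise ValueError(f"bad protocol {protocol!r}")
    headers = {}
    for line in lines[1:]:
        # Split on the FIRST colon only: values such as "host:8080" contain colons.
        name, sep, value = line.partition(":")
        # An empty name or whitespace in the name ("Host : x") is ambiguous: reject.
        if not sep or not name or any(c in " \t" for c in name):
            raise ValueError(f"malformed header line {line!r}")
        # Header names are case-insensitive; keep repeats so duplicates stay visible.
        headers.setdefault(name.lower(), []).append(value.strip())
    if protocol == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        raise ValueError("HTTP/1.1 request needs exactly one Host header")
    return method, path, protocol, headers

def parse_cookies(cookie_header: str):
    """Split a Cookie header value into a name -> value dict."""
    cookies = {}
    for pair in cookie_header.split(";"):
        # Split on the first '=' only: cookie values may themselves contain '='.
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies

# Constructed sample request (hostname and cookie values are made up).
SAMPLE = (b"GET /index.html HTTP/1.1\r\n"
          b"host: example.test:8080\r\n"
          b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)\r\n"
          b"Cookie: sid=abc123; __utmz=1.2.utmcsr=google|utmccn=(organic)\r\n"
          b"\r\n")

if __name__ == "__main__":
    method, path, protocol, headers = parse_request(SAMPLE)
    print(method, path, protocol, headers["host"])
    print(parse_cookies(headers["cookie"][0]))
```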
HTTP Response Structure
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Jul 2014 21:44:10 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Link: ; rel=shortlink
The first line contains two things:
- Protocol and the version
- Status code
  - 200 – Successful request
  - 300 – Redirection
  - 400 – if there is a problem with the request
  - 500 – if there is a problem with the server
For a complete list of status codes, please refer to the Wikipedia article.
HTTP response headers
- cache-control : specifies directives which should be obeyed by all caching mechanisms.
Cache-Control: max-age=3600, public
Here, public means the response can be cached by anyone, but for 3600 seconds only.
- Content-type : mime-type of the document
- Content-disposition : Instructions for browser as to how to handle the content
Content-Type: application/zip
Content-Disposition: attachment; filename="download.zip"
- Content-length : size of the document. Helps the browser figure out the progress of the download
- Etag : Used for caching purposes. Whenever a doc is fetched, the Etag header specifies a unique value. This value can be based on last modified time, checksum or file size. Whenever the browser wants to refetch the doc, it can send that etag value back, and if the doc still matches it the server returns 304 (content not modified)
- Location : Used for redirections.
- Set-cookie : When the website wants to set/update cookies for the browser.
- WWW-authenticate : A website may send the user this header in order to authenticate them over HTTP. When the browser sees this, it opens a login window.
- Content-encoding : To specify that the document is encoded
For more information