Understanding HTTP Headers

What HTTP headers are, why they matter, and how to use them to improve security and performance.

What Are HTTP Headers?

HTTP headers are name-value pairs sent between a client (browser) and a server with every HTTP request and response. They appear before the body of the message, separated from it by a blank line. While the body carries the actual content (HTML, JSON, images), headers carry metadata — instructions, context, and status information that both sides use to handle the communication correctly.

Every time you load a webpage, your browser sends a request with headers, and the server replies with its own set. Most of this happens invisibly, but understanding these headers gives you control over caching, security, content types, and how browsers render your pages.

Common Request Headers

Request headers are sent by the browser to the server. They tell the server who's asking and what they want:

HeaderPurpose
HostThe domain name being requested — required in HTTP/1.1
User-AgentIdentifies the browser and OS (e.g., Chrome on Windows)
AcceptTells the server what content types the client can handle
Accept-LanguagePreferred language (e.g., en-US)
AuthorizationCarries credentials for authenticated requests
RefererThe URL of the page that linked to the current request

Common Response Headers

Response headers come back from the server and tell the browser how to handle the content:

HeaderPurpose
Content-TypeMIME type of the response body (e.g., text/html; charset=UTF-8)
Content-LengthSize of the response body in bytes
Cache-ControlDirectives for caching (e.g., max-age=3600)
Set-CookieSends a cookie to the browser for storage
LocationURL for redirects (used with 301/302 responses)
ServerSoftware running on the server (e.g., nginx, Apache)

Security Headers Every Site Should Have

Security headers instruct browsers to enable built-in protections. These are the essentials:

How to Inspect Headers

You can check headers in several ways:

Try the Header Inspector

Want to see what headers your website sends? Use our HTTP Header Inspector to check any URL and get a detailed breakdown including security header analysis.

Inspect Headers Now →