HTTP Headers

Key-value pairs sent in HTTP messages that provide critical metadata about the request or response.

Internet3 min readConcept 12 of 35

What it is

**HTTP Headers** are key-value pairs (e.g., Content-Type: application/json) sent in HTTP requests and responses. They provide essential metadata about the transaction, such as who is making the request, what format the data is in, how long it should be cached, and what security policies apply.

Why it matters

Headers control almost every advanced feature of the web. They are responsible for Authentication (Authorization), caching strategies (Cache-Control), payload parsing (Content-Type), and Cross-Origin Resource Sharing (CORS).

How it works

Headers follow a strict <Header-Name>: <Value> format in plain text. The keys are case-insensitive. A single empty line (CRLF) signals the end of the headers and the beginning of the body.

Try it

Toggle the switches in the Header Inspector below to see how specific headers alter the behavior of a network request.

Browser
API Server

Request Headers (Sent by Browser)

Response Headers (Sent by Server)

Check yourself

Pick an answer to lock it in, then read why. Getting one wrong is part of how it sticks.

  1. 1If a frontend application sends a JSON payload to an API, which header MUST it include so the server knows how to parse it?
  2. 2Which statement about CORS (Cross-Origin Resource Sharing) is true?
  3. 3Which header is traditionally used to pass a JWT (JSON Web Token) to an API for authentication?

Remember this

  • Content-Type tells the receiver how to parse the body (e.g., JSON vs URL-encoded).
  • Authorization is used to send tokens (e.g., Bearer tokens) to prove identity.
  • CORS errors happen in the browser because the server didn't send the right headers.
  • Header names are case-insensitive.

Done with this concept?

Mark it complete to track your progress. No login needed.