HTTP Headers
Key-value pairs sent in HTTP messages that provide critical metadata about the request or response.
What it is
**HTTP Headers** are key-value pairs (e.g., Content-Type: application/json) sent in HTTP requests and responses. They provide essential metadata about the transaction, such as who is making the request, what format the data is in, how long it should be cached, and what security policies apply.
Why it matters
Headers control almost every advanced feature of the web. They are responsible for Authentication (Authorization), caching strategies (Cache-Control), payload parsing (Content-Type), and Cross-Origin Resource Sharing (CORS).
How it works
Headers follow a strict <Header-Name>: <Value> format in plain text. The keys are case-insensitive. A single empty line (CRLF) signals the end of the headers and the beginning of the body.
Try it
Toggle the switches in the Header Inspector below to see how specific headers alter the behavior of a network request.
Request Headers (Sent by Browser)
Response Headers (Sent by Server)
Check yourself
Pick an answer to lock it in, then read why. Getting one wrong is part of how it sticks.
Remember this
- Content-Type tells the receiver how to parse the body (e.g., JSON vs URL-encoded).
- Authorization is used to send tokens (e.g., Bearer tokens) to prove identity.
- CORS errors happen in the browser because the server didn't send the right headers.
- Header names are case-insensitive.
Done with this concept?
Mark it complete to track your progress. No login needed.