Common HTTP Request and Response Headers Explained

Introduction

If you are a developer, the terms request headers and response headers are familiar, but many are unsure about the meaning of specific parameters such as Cache-Control and Content-Type . This article explains the most commonly used request and response headers to help you ace interviews and broaden your knowledge.

What Are Request and Response Headers

Simply put, request and response headers are parts of the HTTP protocol. They carry additional attributes between the client (browser) and the server, controlling the behavior of HTTP requests and responses. Request headers are sent by the client to the server, while response headers are sent by the server to the client.

Common Request Header Meanings

Accept

Meaning: Indicates the content types the client can accept.

When a client makes a request, setting Accept tells the server which format to return.

accept: application/json, text/plain,

Accept-Charset

Meaning: Indicates the character sets the client can accept.

Accept-Charset: utf-8, iso-8859-1;q=0.5

Cookie

Meaning: Stores user‑specific information to identify the user.

It transmits a user ID so the server can recognize the user.

Cookie: session=abPC9527; user=tty

Origin

Meaning: Provides cross‑origin information for CORS requests.

Origin: https://tty.com

Referer

Meaning: Indicates the URL from which the current request originated.

Referer: https://tty.com/pageone

User-Agent

Meaning: Contains information about the client software, such as browser version and type.

User-Agent: Mozilla/3.0 (Windows NT 9.0; Win32; x64) AppleWebKit/517.36 (KHTML, like Gecko) Chrome/56.0.3029.110 Safari/517.3

If-Modified-Since

Meaning: Shows the time when the client last fetched the resource.

If-Modified-Since: Tue, 10 Oct 2021 11:01:01 GMT

Range

Meaning: Specifies a byte range to request a portion of the resource.

Range: bytes=0-255

Common Response Header Meanings

Access-Control-Allow-Origin

Meaning: Configures CORS by specifying which origins may access the resource; "*" allows all.

Access-Control-Allow-Origin: *

Cache-Control

Meaning: Defines caching policies for the response.

Cache-Control:public  // response may be cached
Cache-Control:must-revalidate  // cache must be revalidated under certain conditions
Cache-Control:no-cache  // always request fresh resource
Cache-Control:max-age=10  // cache validity in seconds
Cache-Control:no-store  // never store the response

Content-Length

Meaning: Indicates the size of the response body in bytes.

Content-Length: 9527

Content-Type

Meaning: Specifies the media type of the response body.

Content-Type: application/json

Date

Meaning: Shows the exact time the server started sending the response.

Date: Tue, 10 Oct 2021 11:01:01 GMT

ETag

Meaning: Used for cache validation; if unchanged, the server returns a 304 status.

ETag: "1234952790pc"

Location

Meaning: Provides a URL for redirection.

Location: https://tty.com/new-page

Set-Cookie

Meaning: Instructs the client to store a cookie for subsequent requests.

Set-Cookie: session=pc9527; Path=/; HttpOnly; Secure

Server

Meaning: Identifies the server software and its version.

Server: Apache/1.4.38 (Ubuntu)

X-Powered-By

Meaning: Indicates the backend framework or technology stack.

X-Powered-By: Express

Content-Encoding

Meaning: Shows the encoding (e.g., gzip) applied to the response body.

Content-Encoding: gzip

Last-Modified

Meaning: The timestamp when the resource was last changed.

Last-Modified: Tue, 10 Oct 2021 11:00:00 GMT

Expires

Meaning: Specifies the expiration time of the resource, after which it is considered stale.

Expires: Wed, 21 Oct 2021 07:21:00 GMT

Conclusion

Although these headers may seem rarely used in everyday business code, they are crucial for caching, cross‑origin requests, and security. Mastering them demonstrates a broad and solid knowledge base for developers.