There are two different types of headers, Request headers and Response headers. Their formats differ, but generally they each consist of an opening line, header lines, and a status line. There will be an example of each later in the article.

Each of the items above must start on a new line. In response headers, the HTML or other output to the browser comes after the blank line at the end of the headers.

There may be some confusion, because the individual header directives or fields are also often referred to as "headers." I'm afraid that this article is guilty of that as well because "header directives" is too long.

Here is an example of a request header that might be sent by a web browser to a web server:

GET /index.html HTTP/1.1

Host: www.google.com
From: someone@adomain.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

[blank line above]

It is pretty obvious that what this header does is request the home page of google.com from the server.

The first two lines beginning with GET and Host: are the only ones required under the HTTP/1.1 specification. GET, in the first line, is the method. Another request method you may be familiar with is POST. There are also several others.

There is a required blank line as the last line of the sample request.

Next is an example of an actual response header received from Google.com:

Date: Fri, 27 Jun 2008 00:22:19 GMT

Expires: -1

Cache-Control: private, must-revalidate, max-age=0

Content-Type: text/html; charset=UTF-8

Last-Modified: Fri, 27 Jun 2008 00:22:18 GMT

Etag: 9398183226707537952

Set-Cookie: IGTP=LI=1:LM=1214526139; expires=Sun, 27-Jun-2010 00:22:19 GMT; path=/ig;

domain=www.google.com

Content-Encoding: gzip

Server: igfe

Content-Length: 49301

X-Cache: MISS from proxy2.online.com.kh

Via: 1.0 proxy2.online.com.kh:3128 (squid/2.6.STABLE20)

Connection: keep-alive

200 OK

[HTML Content]

Let's take a look at each line of this header. The length and scope of this article doesn't permit going into detail regarding each one of these fields, but here is an overview.

Date: This just shows the date and time that the response was received.

Expires: This is the date and time that the content is considered to be out of date. This is often used for data that is updated at a fixed time, in order to prevent browsers from caching the resource beyond the date and time specified.

Cache-Control: This line contains directives regarding how the content is cached. In this case, because of must-revalidate and max-age = 0, the content is not cached.

Content-Type: This tells the browser what content type(s) to expect, and how it is encoded. It is written as a MIME type.

Last-Modified: When the content was last modified.

Etag: This is short for "entity tag." It is used for determining whether the cached URI is identical to the requested URI on the server.

Set-Cookie: Sets a cookie with expiration date and time.

Content-Encoding: How the content is encoded.

Server: The type of server sending the response.

Content-Length: In bytes.

X-Cache: This has something to do with compression.