HTTP Headers
HTTP headers are an integral part of how the web functions. Request headers carry information about the request (like the user agent used to make the request, the content the requester will accept, and the language). Response headers carry information about the response (like the content type, cookies to set, and caching information). There are also general headers, which cover things like the IP address of the server and the request method.
To see these headers for yourself, go to the Chrome developer tools >> Network >> reload >> click on a file >> look at the Headers section. It should look something like this.
In the following code example, we will talk about the request headers x-auth-token and user-agent, and response header set-cookie.

    const express = require('express')
    const app = express()
    const port = 3000

    app.get("/authRoute", (req, res) => {
      // KEEP TRACK OF ACCESSES
      console.log(req.header("user-agent"));

      const token = req.header("x-auth-token");
      if (token == null) {
        // Header missing entirely
        return res.status(400).send("No Auth Token Provided");
      } else if (token !== "password") {
        // Header present but wrong (the expected token is hardcoded for this demo)
        return res.status(401).send("Incorrect Token Provided")
      } else {
        // Cookie attributes are separated by ";", not ","
        res.setHeader("set-cookie", "username=bob; Max-Age=160000")
        res.setHeader("custom-header", "hello world!")
        res.send("Welcome!");
      }
    });

    app.listen(port, () => {
      console.log(`Example app listening on port ${port}`)
    })

Imagine we have this basic Express.js Node server. We have one route, which only lets you in if you provide the x-auth-token “password” in your request headers. We also log the user-agent to track how our server is being accessed. I will be using Postman to test out all three cases.
No Auth Token
In our first request, we supply no x-auth-token and get a 400 error meaning we provided no authentication.
Incorrect Auth Token
Next, we will provide the x-auth-token header, but we will have the wrong value, so we will get a 401 since we are unauthorized to access the page given the current auth token.
Correct Auth Token
Finally, we supply the correct auth token, and our server greets us with a 200 code and the message “Welcome!”. It also sends back a cookie using the set-cookie response header, along with our own custom header.
So there we have it, we can now utilize headers for cookies, metrics and route gating. This is the link to some commonly used headers, but in general headers can be whatever the server and client agree upon, so if you own the client and server logic, you can make the headers whatever you want.
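A hardened take on the /authRoute logic above, as an added example that is not part of the original post: the token is compared in constant time, the logged user-agent is encoded before it reaches the log, and the cookie carries HttpOnly, Secure and SameSite. The function names, the AUTH_TOKEN environment variable and the extra cookie attributes are assumptions made for this example.

```javascript
const nodeCrypto = require("crypto");

// Assumption: the token is provisioned through an AUTH_TOKEN environment
// variable (hypothetical name); the fallback is a constructed demo value.
const EXPECTED_TOKEN = process.env.AUTH_TOKEN || "constructed-demo-token";

// Hash both values so the buffers have equal length (timingSafeEqual throws
// otherwise), then compare without an early exit on the first differing byte.
function tokenMatches(presented, expected) {
  const digest = (s) => nodeCrypto.createHash("sha256").update(String(s)).digest();
  return nodeCrypto.timingSafeEqual(digest(presented), digest(expected));
}

// User-Agent is client-controlled: cap its length and JSON-encode it so
// embedded newlines or quotes cannot forge extra log lines.
function safeForLog(value, maxLen = 200) {
  return JSON.stringify(String(value ?? "-").slice(0, maxLen));
}

// Cookie attributes are separated by "; ". HttpOnly hides the cookie from
// page scripts, Secure restricts it to HTTPS, SameSite limits cross-site sends.
function buildSetCookie(name, value, maxAgeSeconds) {
  const attrs = [`Max-Age=${maxAgeSeconds}`, "Path=/", "HttpOnly", "Secure", "SameSite=Lax"];
  return [`${name}=${encodeURIComponent(value)}`, ...attrs].join("; ");
}

// Same three outcomes as /authRoute, as a pure function of the header map
// (Node and Express expose header names in lower case on req.headers).
function authorize(headers, expected = EXPECTED_TOKEN) {
  const logLine = `authRoute user-agent=${safeForLog(headers["user-agent"])}`;
  const token = headers["x-auth-token"];
  if (token == null) {
    return { status: 400, body: "No Auth Token Provided", headers: {}, logLine };
  }
  if (!tokenMatches(token, expected)) {
    return { status: 401, body: "Incorrect Token Provided", headers: {}, logLine };
  }
  const cookie = buildSetCookie("username", "bob", 160000);
  return { status: 200, body: "Welcome!", headers: { "set-cookie": cookie }, logLine };
}

// Constructed requests covering the three Postman cases from the article.
for (const h of [{}, { "x-auth-token": "wrong" }, { "x-auth-token": EXPECTED_TOKEN }]) {
  const r = authorize({ "user-agent": "PostmanRuntime/7.x\nforged line", ...h });
  console.log(r.status, r.body, r.headers, r.logLine);
}
```

In the Express route, call `authorize(req.headers)` and copy the returned status, headers and body onto `res`.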
Some other cool things you could try to accomplish with HTTP headers are: checking the user-agent to see if the request is coming from a mobile or desktop device and routing it to the desired HTML view, checking the Content-Length of a response and pre-allocating memory to store it all instead of reading the content chunk by chunk via a stream, and any other cool applications you can think of. If you have any ideas, feel free to comment them below!