HTTP Headers

HTTP Headers are an integral part of how the web functions. They contain information about the request (like the user agent used to make the request, the content the requester will accept, and the language). They contain information about the response (like the content type, cookies to set, and caching information). They can also supply general Headers which cover things like the ip address of the server, and the REST Method.

To see these headers for yourself go to the chrome developer tools >> network >> reload >> click on a file >> look at the Headers section. It should look something like this.

In the following code example, we will talk about the request headers x-auth-token and user-agent, and response header set-cookie.

Imagine we have this basic express.js node server. We have one route which only lets you in if you provide the x-auth-token “password” in your request headers. We also log the user-agent to track how our server is being accessed. I will be using Postman to test out all three cases.

No Auth Token

In our first request, we supply no x-auth-token and get a 400 error meaning we provided no authentication.

Incorrect Auth Token

Next, we will provide the x-auth-token header, but we will have the wrong value, so we will get a 401 since we are unauthorized to access the page given the current auth token.

Correct Auth Token

Finally, we supply the correct auth token, our server greets us with a 200 code and message “Welcome!” it also sends back a cookie using the set-cookie response header and we also provide our own custom header.

So there we have it, we can now utilize headers for cookies, metrics and route gating. This is the link to some commonly used headers, but in general headers can be whatever the server and client agree upon, so if you own the client and server logic, you can make the headers whatever you want.

Some other cool things you could try to accomplish with HTTP Headers are: checking the user-agent to see if the request is coming from a mobile or desktop device and route it to the desired html view, checking the Content-Length of a response and pre-allocate memory to store it all instead of reading the content chunk by chunk via a stream, and any other cool applications you can think of, and if you have any ideas feel free to comment them below!



I am a software engineer working for Amazon living in SF/NYC.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store