HTTP Headers

HTTP headers are used to pass information between the server and the client and it consists of a key-value pair. The headers are not considered secure by themselves since the key value is plain text but if they travel over HTTPS they're encrypted from end to end and can only be accessed by one of the parties.

Both, the server and the client can write the Headers. Usually, the headers that travel from the client to the server are considered "request headers" and those in the opposite direction the "response headers". Finally, those that travel both ways back and forward are the "general headers."

List of headers

The list of available headers that we can use is too big to write on a simple blog post without overcomplicating it. Let's see the most important ones only

Authorization

Contains the tokens or credentials used to authenticate with the server like the JWT for example.

Connection and keep-alive

Controls the server connections and for how long the connection stays open.

Content negotiation

This is a group of headers that usually go as accept-xxx and it's used to define several important information from the language to the encoding.

User-agent

Contains information about the user machine, like browser and operating system.

Cookies

Cookies and set-Cookies are two heavily used headers that we can spend tons of time talking about what can and should use for.

Will try to give more info on that in a different post.