HTTP headers are used to pass information between the server and the client and it consists of a key-value pair. The headers are not considered secure by themselves since the key value is plain text but if they travel over HTTPS they're encrypted from end to end and can only be accessed by one of the parties.
Both, the server and the client can write the Headers. Usually, the headers that travel from the client to the server are considered "request headers" and those in the opposite direction the "response headers". Finally, those that travel both ways back and forward are the "general headers."
List of headers
The list of available headers that we can use is too big to write on a simple blog post without overcomplicating it. Let's see the most important ones only
Contains the tokens or credentials used to authenticate with the server like the JWT for example.
Connection and keep-alive
Controls the server connections and for how long the connection stays open.
This is a group of headers that usually go as
accept-xxx and it's used to define several important information from the language to the encoding.
Contains information about the user machine, like browser and operating system.
Cookies and set-Cookies are two heavily used headers that we can spend tons of time talking about what can and should use for.
Will try to give more info on that in a different post.