1. What are HTTP headers?
HTTP is written by "Hypertext Transfer Protocol". The entire World Wide Web uses this protocol. Almost most of the content you see in the browser is transmitted through the http protocol.
HTTP Headers is the core of the HTTP request and corresponding, which carries information about the client browser, request page, server, etc.
When you type a url in the browser address bar, your browser will be similar to the following http request:
GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1
Host: net.tutsplus.comUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120Pragma: no-cacheCache-Control: no-cache
The first line is called "Request Line" and it describes the basic information of the request, and the rest is HTTP headers.
After the request is completed, your browser may receive the following HTTP response:
HTTP/1.x 200 OK
Transfer-Encoding: chunkedDate: Sat, 28 Nov 2009 04:36:25
GMTServer: LiteSpeedConnection: closeX-Powered-By: W3 Total Cache/0.8Pragma: publicExpires: Sat, 28 Nov 2009 05:36:25 GMTEtag: "pub1259380237;gz"Cache-Control: max-age=3600, public
Content-Type: text/html; charset=UTF-8
Last-Modified: Sat, 28 Nov 2009 03:50:37
GMTX-Pingback: http://net.tutsplus.com/xmlrpc.php
Content-Encoding: gzipVary:
Accept-Encoding,
Cookie, User-Agent<!-- ... rest of the html ...
The first line is called "Status Line". After it is http headers, the output starts after the blank line (in this case, some html output).
But you can't see the HTTP headers when you look at the source code of the page, although they are sent to the browser along with what you can see.
This HTTP request also sends out some other resource receiving requests, such as pictures, css files, js files and so on.
2. How to view HTTP headers in the browser
-
Open the browser, F12 to open the console
-
Enter the access URL
-
Click Network, click Request, click Headers. You can see
Three, HTTP header common attributes
(1) Host:
The request header field is mainly used to specify the Internet host and port number of the requested resource. It is usually extracted from the HTTP URL. For example, we enter in the browser: https://www.baidu.com, the request sent by the browser The message will include the Host request header field, as follows:
Host: www.baidu.com (the default port number 443 is used here, if the port number is specified, it becomes: Host: the specified port number
(2)Referer
When a browser sends a request to a web server, it will usually bring a Referer to tell the server which page the request is linked from, so that the server can obtain some information for processing. For example, if I link to a friend from my homepage, his server can count from the HTTP Referer how many users click on the link on my homepage to visit his website every day.
(3)User-Agent
- This is more important for crawlers because all classes need to add this attribute, otherwise the websites that have been slightly processed will not be crawled.
Tell the HTTP server, the name and version of the operating system and browser used by the client.
When we log on to the forum online, we often see some welcome messages, which list the name and version of your operating system, which often makes many people feel amazing. In fact, the server application requests from User-Agent. This information is obtained in the header field. The User-Agent request header field allows the client to tell the server its operating system, browser, and other attributes.
For example: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; CIBA; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C ; InfoPath.2; .NET4.0E)
- The application version "Mozilla/4.0" means: you use Maxthon 2.0 to browse du browser and use IE8 kernel;
- Version identification "zhiMSIE 8.0"
- The platform's own dao identification information "Windows NT 5.1" means "operating system is zhuan Windows XP"
- Trident kernel version "Trident/4.0", a kind of browser kernel, and the other is the WebKit kernel
(4)Content-type
Indicates what MIME type the following document belongs to. Servlet defaults to text/plain, but it usually needs to be explicitly specified as text/html. Since Content-Type is often set, HttpServletResponse provides a dedicated method setContentType.
Common media format types are as follows:
- text / html: HTML format
- text/plain: Plain text format
- text/xml: XML format
- image/gif: gif image format
- image/jpeg: jpg image format
- image/png: png picture format
Media format types beginning with application:
- application/xhtml+xml: XHTML format
- application/xml: XML data format
- application/atom+xml: Atom XML aggregation format
- application/json: JSON data format
- application/pdf: pdf format
- application/msword: Word document format
- application/octet-stream: binary stream data (such as common file downloads)
- application/x-www-form-urlencoded: In the default encType, the form data is encoded in key/value format and sent to the server (the default format of the submitted data in the form)
Another common media format is used when uploading files:
- multipart/form-data: When you need to upload files in the form, you need to use this format.
(5)Accept-Language
Accept-Langeuage: Indicate the types of languages that the browser can accept, such as en or en-us for English, zh or zh-cn for Chinese, which is used when the server can provide more than one language version.
(6)Cookie
Cookie: The browser uses this attribute to send cookies to the server. Cookie is a small data body stored in the browser, it can record user information related to the server, and can also be used to implement the session function.
(7) Common security attacks on headers
