HTTP: HTTP Response Headers

Every HTTP response can have a set of headers.

Let’s list the most important/useful response headers.

`Age`

Age: 12

The age the object has been in a proxy cache in seconds

`Cache-Control`

Cache-Control: max-age=3600 Cache-Control: no-cache, no-store, max-age=0, must-revalidate

If no-cache is used, the Cache-Control header can tell the browser to never use a cached version of a resource without first checking the ETag value.

max-age is measured in seconds

The more restrictive no-store option tells the browser (and all the intermediary network devices) the not even store the resource in its cache:

Cache-Control: no-store

`Content-Disposition`

Content-Disposition: attachment; filename="file.txt"

An opportunity to raise a “File Download” dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters

`Content-Encoding`

Content-Encoding: gzip

The type of encoding used on the data. See HTTP compression

`Content-Language`

Content-Language: en

The natural language or languages of the intended audience for the enclosed content

`Content-Length`

Content-Length: 348

The length of the response body expressed in 8-bit bytes

`Content-Type`

Content-Type: text/html; charset=utf-8

The MIME type of this content

`Date`

Date: Tue, 15 Nov 1994 08:12:31 GMT

The date and time that the message was sent (in “HTTP-date” format as defined by RFC 7231)

`ETag`

ETag: "737060cd8c284d8a[...]"

An identifier for a specific version of a resource, often a message digest

`Expires`

Expires: Sat, 01 Dec 2018 16:00:00 GMT

Gives the date/time after which the response is considered stale (in “HTTP-date” format as defined by RFC 7231)

`Last-Modified`

Last-Modified: Mon, 15 Nov 2017 12:00:00 GMT

The last modified date for the requested object (in “HTTP-date” format as defined by RFC 7231)

`Location`

Location: /pub/WWW/People.html

Used in redirection, or when a new resource has been created

`Server`

Server: Apache/2.4.1 (Unix)

A name for the server

`Set-Cookie`

Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1

Sets an HTTP cookie

Non-standard headers

Some headers are non-standard.

`Content-Security-Policy`

Helps to protect against XSS attacks. See MDN for more details

Lessons in this unit:

0:	Introduction
1:	An HTTP request
2:	HTTP Methods
3:	HTTP Status Codes
4:	HTTP Client/Server communication
5:	HTTP Request Headers
6:	▶︎ HTTP Response Headers
7:	HTTPS
8:	HTTP/2
9:	HTTP/3

Are you intimidated by Git? Can’t figure out merge vs rebase? Are you afraid of screwing up something any time you have to do something in Git? Do you rely on ChatGPT or random people’s answer on StackOverflow to fix your problems? Your coworkers are tired of explaining Git to you all the time? Git is something we all need to use, but few of us really master it. I created this course to improve your Git (and GitHub) knowledge at a radical level. Launching May 21, 2024. Join the waiting list!