PHP Web Services (2013)
Appendix B. Common HTTP Headers
Here we look at a series of often-used headers, whether they are request or response headers, and how they can be used.
|
Header |
Request |
Response |
Notes |
|
Accept |
yes |
This shows the formats, with an indication of preference, that the requesting client can understand. Closely related are the additional headers Accept-Charset, Accept-Encoding, and Accept-Language. |
|
|
Authorization |
yes |
This is free-form information to prove a user’s identity. This is used in basic authentication, digest authentication, OAuth, and so on; each has their own format of exactly what goes in the header. |
|
|
Cookie |
yes |
Cookies are key/value pairs sent with each request, separated by a semicolon. This is the sister header to Set-Cookie. |
|
|
Content-Length |
yes |
yes |
Any request or response with body content should also have the Content-Length in bytes in the header; often your HTTP library will calculate this for you. |
|
Content-Type |
yes |
yes |
Any request or response with body content should include the Content-Type header to provide information about the format of that body content. As with the Accept headers, Content-Encoding and Content-Language may also be sent to give information about the format of the content. |
|
ETag |
yes |
This is an identifier for the version of the resource that is being returned. If the client caches the resource, this information can be used with If-None-Match to work out whether a resource has been updated or if the previous version can be used. |
|
|
If-Modified-Since and If-None-Match |
yes |
This informs the server that there is a cached copy of this resource and allows the server to return a 304 status code if that resource is still valid. |
|
|
Last-Modified |
yes |
This provides information about when this resource was last updated; the client can use this to check if it has the most recent version of the resource upon subsequent requests. |
|
|
Location |
yes |
This provides information about a location and is used either with 300-series status codes when redirecting, or with 201/202 to give information about the location of a new resource. |
|
|
Set-Cookie |
yes |
This sends cookies to be stored on the client and sent back in a Cookie header with later requests. |
|
|
User-Agent |
yes |
This provides information about the client software making the request. |