PHP Web Services (2013)

Appendix B. Common HTTP Headers

Here we look at a series of often-used headers, whether they are request or response headers, and how they can be used.

Header

Request

Response

Notes

Accept

yes

 

This shows the formats, with an indication of preference, that the requesting client can understand. Closely related are the additional headers Accept-Charset, Accept-Encoding, and Accept-Language.

Authorization

yes

 

This is free-form information to prove a user’s identity. This is used in basic authentication, digest authentication, OAuth, and so on; each has their own format of exactly what goes in the header.

Cookie

yes

 

Cookies are key/value pairs sent with each request, separated by a semicolon. This is the sister header to Set-Cookie.

Content-Length

yes

yes

Any request or response with body content should also have the Content-Length in bytes in the header; often your HTTP library will calculate this for you.

Content-Type

yes

yes

Any request or response with body content should include the Content-Type header to provide information about the format of that body content. As with the Accept headers, Content-Encoding and Content-Language may also be sent to give information about the format of the content.

ETag

 

yes

This is an identifier for the version of the resource that is being returned. If the client caches the resource, this information can be used with If-None-Match to work out whether a resource has been updated or if the previous version can be used.

If-Modified-Since and If-None-Match

yes

 

This informs the server that there is a cached copy of this resource and allows the server to return a 304 status code if that resource is still valid.

Last-Modified

 

yes

This provides information about when this resource was last updated; the client can use this to check if it has the most recent version of the resource upon subsequent requests.

Location

 

yes

This provides information about a location and is used either with 300-series status codes when redirecting, or with 201/202 to give information about the location of a new resource.

Set-Cookie

 

yes

This sends cookies to be stored on the client and sent back in a Cookie header with later requests.

User-Agent

yes

 

This provides information about the client software making the request.