(also Hypertext Transfer Protocol header)
HTTP header definition
HTTP is the application-layer protocol that browsers and servers use to request and deliver web resources (e.g., HTML pages, images, scripts, video). An HTTP header is a field in an HTTP request or response that carries additional context about the message, such as its metadata. Headers let the client or the server pass specific information alongside a message (e.g., preferred media formats, cookies, caching instructions). Each header is written as a name, a colon, and a value. Header names are case-insensitive (Content-Type and content-type denote the same header); whether the value is case-sensitive depends on the individual header.
HTTP header types
- Request headers: Used in an HTTP request to provide information and request context, allowing the server to tailor the response.
- Response headers: Carry additional information about the response (e.g., location) or the responding server.
- Representation headers: Hold information about the resource’s body (e.g., its media type or encoding).
- Payload headers: Describe the payload so that the original message can be safely reconstructed and transported (e.g., the length of the payload, its transfer encoding, and message integrity checks).
HTTP security headers
- Plain HTTP is not secure on its own: requests and responses travel unencrypted, so anyone on the network path can read or modify them. HTTPS addresses this by carrying HTTP over TLS, and some security headers exist specifically to keep browsers on HTTPS once they have reached a site.
- HTTP security headers are a subset of response headers that instruct the browser to enforce protections on the client side. They mitigate browser-side attacks such as cross-site scripting (XSS), clickjacking, MIME-type sniffing, and protocol-downgrade attacks. They do not protect against server-side flaws such as SQL injection, nor against DDoS; those require input validation and infrastructure controls respectively.
- Because they are enforced by the browser, these headers only help when the server actually sends them and the values are strict enough to matter. Commonly deployed security headers include HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), X-Content-Type-Options, and X-Frame-Options (now largely superseded by the CSP frame-ancestors directive). HTTP Public Key Pinning (HPKP) was also a security header, but it has been deprecated and removed from major browsers and should no longer be relied on.
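Two points above are what a practitioner most often needs to verify in practice: that header names compare case-insensitively, and that a response actually carries strong security headers rather than merely some of them. The Python script below is an added example and is not part of the original page. It parses a constructed raw HTTP response, lower-cases header names so lookups are case-insensitive, and audits the security headers. The sample response, the one-year HSTS threshold, and the audit rules are this example's own assumptions, not a standard checklist.

```python
"""Parse a raw HTTP response and audit its security headers.

Added example, not code from the original glossary page. The sample
response below is constructed for illustration. Header names are
compared case-insensitively, as RFC 9110 requires; which headers the
audit expects and the minimum HSTS max-age are this example's own
choices (assumptions), not a standard.
"""
from __future__ import annotations
import re

# Constructed sample: one weak header, one obsolete header, several missing ones.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 01 Jan 2030 00:00:00 GMT\r\n"
    "content-type: text/html; charset=utf-8\r\n"
    "Content-Length: 13\r\n"
    "strict-transport-security: max-age=60\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Public-Key-Pins: pin-sha256=\"AAAA\"; max-age=5184000\r\n"
    "\r\n"
    "<html></html>"
)

# One year in seconds; a common audit threshold, assumed here rather than mandated.
MIN_HSTS_MAX_AGE = 31536000


def parse_response(raw: str) -> tuple[int, dict[str, str], str]:
    """Split a raw response into (status code, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    Repeated names are joined with ", " as RFC 9110 allows.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        # partition on the first colon only: values like dates contain colons too
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return status, headers, body


def audit_security_headers(headers: dict[str, str]) -> list[str]:
    """Return a list of findings for a lower-cased header dict; empty means clean."""
    findings: list[str] = []

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(f"weak Strict-Transport-Security: {hsts}")

    csp = headers.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(f"permissive Content-Security-Policy: {csp}")

    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Clickjacking: either CSP frame-ancestors or X-Frame-Options should be present.
    if "frame-ancestors" not in (csp or "") and "x-frame-options" not in headers:
        findings.append("no framing restriction (frame-ancestors or X-Frame-Options)")

    # HPKP has been removed from browsers; its presence signals stale configuration.
    if "public-key-pins" in headers:
        findings.append("obsolete Public-Key-Pins header present")

    return findings


def audit_raw(raw: str) -> list[str]:
    """Convenience wrapper: parse a raw response and audit its headers."""
    _, headers, _ = parse_response(raw)
    return audit_security_headers(headers)


if __name__ == "__main__":
    for finding in audit_raw(SAMPLE_RESPONSE):
        print(finding)
```

Running the script against the constructed response flags the 60-second HSTS max-age, the missing CSP and X-Content-Type-Options headers, and the obsolete HPKP header, while the X-Frame-Options header satisfies the framing check. The same audit function can be fed the headers from any real response, as long as the names are lower-cased first.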