Which HTTP request header is used to identify the URL of the resource from which a request URL was obtained?

An HTTP client sends an HTTP request to a server in the form of a request message which includes following format:

Table of Contents Show

Request-Line
Request Method
Request-URI
Examples of Request Message

A Request-line
Zero or more header (General|Request|Entity) fields followed by CRLF
An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields
Optionally a message-body

The following sections explain each of the entities used in an HTTP request message.

Request-Line

The Request-Line begins with a method token, followed by the Request-URI and the protocol version, and ending with CRLF. The elements are separated by space SP characters.

Request-Line = Method SP Request-URI SP HTTP-Version CRLF

Let's discuss each of the parts mentioned in the Request-Line.

Request Method

The request method indicates the method to be performed on the resource identified by the given Request-URI. The method is case-sensitive and should always be mentioned in uppercase. The following table lists all the supported methods in HTTP/1.1.

S.N.	Method and Description
1	GET The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data.
2	HEAD Same as GET, but it transfers the status line and the header section only.
3	POST A POST request is used to send data to the server, for example, customer information, file upload, etc. using HTML forms.
4	PUT Replaces all the current representations of the target resource with the uploaded content.
5	DELETE Removes all the current representations of the target resource given by URI.
6	CONNECT Establishes a tunnel to the server identified by a given URI.
7	OPTIONS Describe the communication options for the target resource.
8	TRACE Performs a message loop back test along with the path to the target resource.

Request-URI

The Request-URI is a Uniform Resource Identifier and identifies the resource upon which to apply the request. Following are the most commonly used forms to specify an URI:

Request-URI = "*" | absoluteURI | abs_path | authority

S.N.

Method and Description

The asterisk * is used when an HTTP request does not apply to a particular resource, but to the server itself, and is only allowed when the method used does not necessarily apply to a resource. For example:

OPTIONS * HTTP/1.1

The absoluteURI is used when an HTTP request is being made to a proxy. The proxy is requested to forward the request or service from a valid cache, and return the response. For example:

GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1

The most common form of Request-URI is that used to identify a resource on an origin server or gateway. For example, a client wishing to retrieve a resource directly from the origin server would create a TCP connection to port 80 of the host "www.w3.org" and send the following lines:

GET /pub/WWW/TheProject.html HTTP/1.1

Host: www.w3.org

Note that the absolute path cannot be empty; if none is present in the original URI, it MUST be given as "/" (the server root).

We will study General-header and Entity-header in a separate chapter when we will learn HTTP header fields. For now, let's check what Request header fields are.

The request-header fields allow the client to pass additional information about the request, and about the client itself, to the server. These fields act as request modifiers.Here is a list of some important Request-header fields that can be used based on the requirement:

Accept-Charset
Accept-Encoding
Accept-Language
Authorization
Expect
From
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Max-Forwards
Proxy-Authorization
Range
Referer
TE
User-Agent

You can introduce your custom fields in case you are going to write your own custom Client and Web Server.

Examples of Request Message

Now let's put it all together to form an HTTP request to fetch hello.htm page from the web server running on tutorialspoint.com

GET /hello.htm HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive

Here we are not sending any request data to the server because we are fetching a plain HTML page from the server. Connection is a general-header, and the rest of the headers are request headers. The following example shows how to send form data to the server using request message body:

POST /cgi-bin/process.cgi HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Content-Type: application/x-www-form-urlencoded Content-Length: length Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive licenseID=string&content=string&/paramsXML=string

Here the given URL /cgi-bin/process.cgi will be used to process the passed data and accordingly, a response will be returned. Here content-type tells the server that the passed data is a simple web form data and length will be the actual length of the data put in the message body. The following example shows how you can pass plain XML to your web server:

POST /cgi-bin/process.cgi HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Content-Type: text/xml; charset=utf-8 Content-Length: length Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive <?xml version="1.0" encoding="utf-8"?> <string xmlns="http://clearforest.com/">string</string>

Improve Article

Save Article

Like Article

The HTTP headers are used to pass additional information between the clients and the server through the request and response header. All the headers are case-insensitive, headers fields are separated by colon, key-value pairs in clear-text string format. The end of the header section denoted by an empty field header. There are a few header fields that can contain the comments. And a few headers can contain quality(q) key-value pairs that separated by an equal sign.

There are four kinds of headers context-wise:

General Header: This type of headers applied on Request and Response headers both but with out affecting the database body.
Request Header: This type of headers contains information about the fetched request by the client.
Response Header: This type of headers contains the location of the source that has been requested by the client.
Entity Header: This type of headers contains the information about the body of the resources like MIME type, Content-length.

Headers can also be categorized according to how proxies handle them:

Header	Description
Authorization	It is used to request restricted documents.
Proxy-Authenticate	It is a response header gives access to a resource file by defining an authorization method. It allows the proxy server to transmit the request further by authenticating it.
Proxy-Authorization	It is a request type of header. This header contains the credentials to authenticate between the user agent and the user-specified server.
WWW-Authenticate	It is a response header that defines the authentication method. It should be used to gain access to a resource.

Header	Description
Age	It is a response header. It defines the times in seconds of the object that have been in the proxy cache.
Cache-Control	It is a general type header used to specify directives for caching mechanisms.
Clear-Site-Data	It is a response-type header. This header is used in deleting the browsing data which is in the requesting website.
Expires	It is a response-type header, it is used to define date/time after that time that will be vanished.
Pragma	It is general-type header, but response behavior is not specified and thus implementation-specific.
Warnings	It is a general type header that is used to inform possible problems to the client.

Header	Description
Accept-CH	It is a response-type header. It specify which Client Hints headers client should include in subsequent requests.
Accept-CH-Lifetime	It is a response-type header used to specify persistence of Accept-CH header value.
Content-DPR	It is a response-type header. It is used to define the ratio between physical pixels over CSS pixels of the selected image response.
DPR	It is response-type header, It is used to defines the ratio of the physical pixels over the CSS pixels of the current window of the device.
Device-Memory	It is used to specify the approximate ram left on the client device.
Early-Data	It is a request-type header. This header is used indicate that the request has been conveyed in early data.
Save-Data	It is used to reduce the usage of the data on the client side.
Viewport-Width	It is used to indicates the layout viewport width in CSS pixels.
Width	It is a request-type header. This header is used indicates the desired resource width in physical pixels.

Header	Description
Last-Modified	The last modified response header is a header sent by the server specifying the date of the last modification of the requested source. This is the formal definition of Last-Modified of HTTP headers
ETag	It is a response-type header used as an identifier for a specific version of a resource.
If-Match	It is a request-type header. It is used to make the request conditional.
If-None-Match	It is a request-type header. Generally, it is used to update the entity tags on the server. Firstly, the Client provides the Server with a set of entity tags (E-tags).
If-Modified-Since	It is a request-type header. This header is used make the request conditional plus expects the entity to be transmitted, if it has been modified after the specified date.
If-Unmodified-Since	It is a request-type header. This header is used make the request conditional plus expects the entity to be transmitted, if it has been unmodified after the specified date.
Vary	It is response-type header. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.

Header	Description
Connection	It is a general type header that allows the sender or client to specify options that are desired for that particular connection.
Keep-Alive	It is a general-type header used to inform that how long a persistent connection should stay open.

Header	Description
Accept	It is a request type header. The Accept header is used to inform the server by the client that which content type is understandable by the client expressed as MIME-types.
Accept-charset	It is a request type header. This header is used to indicate what character set are acceptable for the response from the server.
Accept-Encoding	It is a response-type header. It is usually a comparison algorithm of request header. All the HTTP client used to tell the server which encoding or encoding it supports.
Accept-Language	It is a request-type header that tells the server about all the languages that the client can understand.

Header	Description
Expect	It is a request type header. It is used to indicate specific behaviors or expectations that the server needs to fulfill in order to respond to the client. Generally, Expect: 100-continue is the only expectation defined for the header field.

Header	Description
Cookie	It is a request type header. A cookie used in the requests sent by the user to the server.
Set-Cookie	It is a response header and used to send cookies from the server to the user agent. So the user agent can send them back to the server later so the server can detect the user.
Cookie2	It is a request type header. A cookie2 used in the requests sent by the user to the server.
Set-Cookie2	It is response type header and it is obsoleted. It is a provider of the mechanism to serve and retrieve state information from the client to the server.

Header	Description
Access-Control-Allow-Origin	It is a response header that is used to indicates whether the response can be shared with requesting code from the given origin.
Access-Control-Allow-Credentials	It is a Response header. The Access-Control-Allow-Credentials header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”.
Access-Control-Allow-Headers	It is a response header that is used to expose the headers that have been mentioned in it. By default 6 response headers are already exposed which are known as CORS-safelisted response headers.
Access-Control-Allow-Methods	It is a response-type header that specifies the method or methods allowed when accessing the resource.
Access-Control-Expose-Headers	It is a response-type header that indicates which headers can be exposed.
Access-Control-Max-Age	It is a response header that gives the time for which results of a CORS preflight request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, can be cached.
Access-Control-Request-Headers	It is a request type header, it lets the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Method	It is a request type header, it lets the server know which HTTP method will be used when the actual request is made.
Origin	It is a response HTTP header that indicates the security contexts that initiates an HTTP request without indicating the path information.
Timing-Allow-Origin	It is a response type header. It specify origins that are allowed to see values of attributes retrieved via features of the Resource Timing API.

Header	Description
DNT	It is a request type header. It lets users indicate whether they would prefer privacy rather than personalized content.
TK	It is a response type header, it indicates the tracking status.

Header	Description
Content-Disposition	It is a response type header for the body. It lets users indicate resource transmitted should be displayed inline or should be download and present a “Save As” dialog.

Header	Description
Content-Length	It is a response type header. It is used to indicate the size of entity-body in decimal no of octets i.e. bytes and sent it to the recipient. It is a forbidden header name.
Content-Type	It is a entity type header. It is used to indicate the media type of the resource. The media type is a string sent along with the file indicating the format of the file.
Content-Encoding	It is a response type header. It is used to compress the media type. It informers the server which encoding the user will supported.
Content-Language	It is an entity type header. It is used to define, which language speaker document is intended to. It doesn’t define the language of the document.
Content-Location	It is an entity type header that gives another location for the data that is returned and also tells how to access the resource by indicating the direct URL.

Header	Description
Forwarded	It is a request-type header. It is used to store client-facing side of proxy servers that is lost when a proxy is involved in the path of the request.
X-Forwarded-For	It is a request type header and is an alternative and de-facto standard version of the Forwarded header which is used when a client connects to a web server through an HTTP proxy or load balancer for identifying the original IP address.
X-Forwarded-Host	It is a request-type header. It is used to identify the original host requested by the client in the Host HTTP request header.
X-Forwarded-Proto	It is an request-type header. It is used to identifying the protocol that the client used to connect with a proxy or load balancer. It can be HTTP or HTTPS.
Via	It is an general-type header that is used to inform the server of proxies through which the request was sent.

Header	Description
Location	It is a response header that is used under 2 circumstances to ask a browser to redirect a URL (status code 3xx) or provide information about the location of a newly created resource (status code of 201).

Header	Description
From	It is a request-type header that is used to contains an Internet email address for a human user who controls the requesting user agent.
Host	It is a request-type header. It is use to represent the domain name of the server. It may also represent the Transmission Control Protocol (TCP) port number which the server uses.
Referrer	It is a request type header. This is use to hold the previous page link where this new page come, that the back button of the browsers can work.
Referrer-Policy	It is a response type header. It is used to define how much referrer information should be included with the requests.
User-Agent	It is a request header that allows a characteristic string that allows network protocol peers to identify the Operating System and Browser of the web-server.

Header	Description
Accept-Ranges	It is the response-type header also the part of the ranges system. This header act as a marker that is used by the server to supports the partial request of the clients.
Range	It is request-type header that is used to get part of a document from the server. If the server returns the part of the document, it uses the 206 (Partial Content) status code.
If-Range	It is a request type header. This is use to make a range request conditional.
Content-Range	It is a response header that indicates where a partial message belongs in a full body massage.

Header	Description
Cross-Origin-Resource-Policy	It is the response-type header and inform the client that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
Content-Security-Policy	It is response-type header that is used to allows web site administrators to control resources.
Content-Security-Policy-Report-Only	It is a response header that allows the web developers to test the policies by keeping an eye on their effects.
Expect-CT	It is a response header that prevents the usage of wrongly issued certificates for a site and makes sure that they do not go unnoticed.
Feature-Policy	It is a response type header that is used to allow or deny the use of features on it’s own frame.
Public-Key-Pins	It is a response header. It is associates a specific cryptographic public key with a certain web server.
Public-Key-Pins-Report-Only	It is a response type header. It is used to report to the report-uri.
Strict-Transport-Security	It is a response type header. That is a web security policy mechanism that helps protect websites from malicious activities and informs user agents and web browsers how to handle its connection through a response header.
Upgrade-Insecure-Requests	It is a request type header. It sends a signal to the server expressing the client’s preference for an encrypted and authenticated response
X-Content-Type-Options	It is a response type header. It acts as a marker that indicates the MIME-types headers in the content types headers should not be changed to the server.
X-Frame-Options	It is a response header. It is used to prevent the site from click jacking attacks. It defines whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.
X-XSS-Protection	It is a response-type header. It is used to enable the cross-site scripting filtering.

Header	Description
Transfer-Encoding	It is a response-type header that performs as the hop-by-hop header, the hop-by-hop header connection is the single transport-level connection must not be re-transmitted.
TE	It is request-type header that is used to specify the transfer encodings the user agent is willing to accept.
Trailer	It is a response header that indicates the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding.

Header	Description
Sec-WebSocket-Accept	It is response-type headers category. This used by the server to intimate the client that it understood it was a WebSocket connection and it is ready to open connection.

Header	Description
Alt-Svc	It is use to reach the website in a alternate way.
Date	It is a general-type header used to pass additional information with HTTP response or HTTP request.
Large-Allocation	It is a response-type header that informs supported browsers (currently only Firefox) about the needs of a memory that allows them to make sure that the large-allocation succeeds and also start a new process using some unfragmented memory.
Link	It is entity-type header used to serializing one or more links in HTTP headers.
Retry-After	It is response-type header used to pass additional information with HTTP request or response. HTTP Retry-After header is an HTTP response header which indicates how long to wait before making another request.
Server-Timing	It is a response-type header. This header is used to communicate between two or more metrics and descriptions for a given request-response cycle from the user agent.
SourceMap	It is a response-type header used to map original source from the transformed source. For example, the JavaScript resources are transformed to some other source from its original by the browsers at the time of execution.
X-DNS-Prefetch-Control	It is response-type header that is used to controls the DNS prefetching.

Ent-to-End headers: This type of headers should be transmitted to the final recipient of the message so the server can make a request to the clients and the client can respond to that requests. The intermediate proxies must retransmit these headers as unmodified.
Hop-by-Hop headers: This type of headers only works for the single transport-level connection. This kind of harder should not be retransmitted by the proxies or cached.