This is an old revision of the document!
Table of Contents
HTTP Headers
HTTP headers are key-value pairs of metadata sent in HTTP requests and responses, by both the client (such as your web browser) and the server (such as the AMI's nginx install). This metadata provides essential information about the connection, helping the client & server sync up for data transfer.
HTTP headers are processed by the client application and the web server, and are usually invisible to the end user. Data sent as HTTP headers includes, but is not limited to:
- How information sent through the connection is encoded.
- Compatibility & version information about the client & server
- Cache control
- Session verification & authentication
- Remote access policies
Manipulating Headers
Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your User-Agent or Referer headers is a great way to familiarize yourself with the concept of manipulating this data.
Consult the articles below for more thorough information on other header types that you can manipulate.
Further Reading
Since a full writeup on HTTP headers is beyond the scope of the Institute's mission, consult some of the following guides and articles for more information.
- List of HTTP header fields on Wikipedia
- Mozilla Development Network article about HTTP headers
- GeeksforGeeks tutorial about HTTP headers
- RFC 9110 for HTTP semantics
- HTTP Headers Guide from the OWASP Cheat Sheet Series
Find this page online at: https://bestpoint.institute/tools/http-headers