Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production

What are HTTP Headers

HTTP is written by the "Hypertext Transfer Protocol". This protocol is used by the entire World Wide Web. Almost most of the content you see in the browser is transmitted through the http protocol, such as this article.

HTTP Headers are the core of HTTP requests and responses. They carry information about the client browser, requested page, server, etc.

Example

When you type a url in the browser address bar, your browser will make an http request similar to the following:
GET /tutorials/other/top-20-mysql-best- practices/ HTTP/1.1<code>GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1<br>Host: net.tutsplus.com<br>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)<br>Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-us,en;q=0.5<br>Accept-Encoding: gzip,deflate<br>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br>Keep-Alive: 300<br>Connection: keep-alive<br>Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120<br>Pragma: no-cache<br>Cache-Control: no-cache<br>Host: net.tutsplus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5 .5 (.NET CLR 3.5.30729)Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us, en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300<font face="NSimsun">HTTP/1.x 200 OK<br>Transfer-Encoding: chunked<br>Date: Sat, 28 Nov 2009 04:36:25 GMT<br>Server: LiteSpeed<br>Connection: close<br>X-Powered-By: W3 Total Cache/0.8<br>Pragma: public<br>Expires: Sat, 28 Nov 2009 05:36:25 GMT<br>Etag: "pub1259380237;gz"<br>Cache-Control: max-age=3600, public<br>Content-Type: text/html; charset=UTF-8<br>Last-Modified: Sat, 28 Nov 2009 03:50:37 GMT<br>X-Pingback: http://net.tutsplus.com/xmlrpc.php<br>Content-Encoding: gzip<br>Vary: Accept-Encoding, Cookie, User-Agent<br><!-- ... rest of the html ... --></font>Connection: keep-alive

Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120

Pragma: no-cache

Cache-Control: no-cache

The first line is Called "Request Line" it describes the basic information of the request, and the rest is HTTP headers.

After the request is completed, your browser may receive the following HTTP response:

HTTP/1.x 200 OK

Transfer-Encoding: chunked

Date: Sat, 28 Nov 2009 04:36:25 GMT

Server: LiteSpeedConnection : closeX-Powered-By: W3 Total Cache/0.8Pragma: publicExpires: Sat, 28 Nov 2009 05:36:25 GMT

Etag: "pub1259380237;gz"

Cache-Control: max-age=3600, publicContent-Type: text/html; charset=UTF-8Last-Modified: Sat, 28 Nov 2009 03:50:37 GMTX -Pingback: http://net.tutsplus.com/xmlrpc.php

Content-Encoding: gzip

Vary: Accept-Encoding, Cookie, User-Agent The first line is called "Status Line". After it are the http headers. After the blank line, the content starts to be output (in this case, some html output).

But when you view the page source code, you cannot see the HTTP headers, although they are sent to the browser along with what you can see. This HTTP request also sends out requests to receive some other resources, such as pictures, css files, js files, etc.

Let’s take a look at the details.

How to see HTTP Headers

• The following FireFox extensions can help you analyze HTTP headers: 1. firebug

2.

Live HTTP Headers

3. In PHP: getallheaders() is used to get request headers. You can also use the $_SERVER array. headers_list() is used to obtain response headers. You will see some examples of using php demonstration below the article. Structure of HTTP Request The first line, called the "first line", contains three parts:

• "method" indicates what type of request this is. The most common request types are GET, POST and HEAD.
• "path" reflects the path after the host. For example, when you request "http://net.tutsplus.com/tutorials/other/top-20-mysql-best-practices/", path will is "/tutorials/other/top-20-mysql-best-practices/".
• “protocol” contains “HTTP” and version number, modern browsers will use 1.1.

Each remaining line is a "Name:Value" pair. They contain various information about the request and your browser. For example, "User-Agent" indicates your browser version and the operating system you are using. "Accept-Encoding" tells the server that your browser can accept compressed output like gzip.

Most of these headers are optional. HTTP requests can even be streamlined to look like this:

<font face="NSimsun">GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1<br>Host: net.tutsplus.com</font>

And you will still receive a valid response from the server.

Request Type

The three most common request types are: GET, POST and HEAD. You may be familiar with the first two from the process of writing HTML.

GET: Get a document

Most of the html, images, js, css, ... that are transmitted to the browser are requested through the GET method. It is the primary method of obtaining data.

For example, to get Nettuts articles, the first line of the http request usually looks like this:

<font face="NSimsun">GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1</font>

Once the html is loaded, the browser will send a GET request to get the image, like this:

<font face="NSimsun">GET /wp-content/themes/tuts_theme/images/header_bg_tall.png HTTP/1.1</font>

The form can also be sent through the GET method. Here is an example:

<font face="NSimsun"><form action="foo.php" method="GET"> <br>First Name: <input name="first_name" type="text"><br>Last Name: <input name="last_name" type="text"><br><input name="action" type="submit" value="Submit"><br> </form></font>

When this form is submitted, the HTTP request will look like this:

<font face="NSimsun">GET /foo.php?first_name=John&last_name=Doe&action=Submit HTTP/1.1<br>...</font>

You can send form input to the server by appending it to a query string.

POST: Send data to the server

Although you can append data to the URL and send it to the server through the GET method, in many cases it is more appropriate to use POST to send data to the server. Sending large amounts of data via GET is unrealistic and has certain limitations.

It is common practice to send form data using POST requests. Let’s modify the above example to use the POST method:

<font face="NSimsun"><form action="foo.php" method="POST"> <br>First Name: <input name="first_name" type="text"><br>Last Name: <input name="last_name" type="text"><br><input name="action" type="submit" value="Submit"><br> </form></font>

Submitting this form will create an HTTP request as follows:

<font face="NSimsun">POST /foo.php HTTP/1.1<br>Host: localhost<br>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)<br>Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-us,en;q=0.5<br>Accept-Encoding: gzip,deflate<br>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br>Keep-Alive: 300<br>Connection: keep-alive<br>Referer: http://localhost/test.php<br>Content-Type: application/x-www-form-urlencoded<br>Content-Length: 43<br>first_name=John&last_name=Doe&action=Submit</font>

There are three things to note here:

• The path in the first line has been changed to simply /foo.php , without the query string.
• Added Content-Type and Content-Lenght headers, which provide relevant information for sending messages.
• All data is sent after headers in the form of query string.

POST request can also be used on AJAX, application, cURL... And all file upload forms are required to use POST.

HEAD: Receive header information

HEAD is very similar to GET, except that HEAD does not accept the content part of the HTTP response. When you send a HEAD request, it means that you are only interested in the HTTP headers, not the document itself.

This method allows the browser to determine whether the page has been modified and thereby control caching. It can also determine whether the requested document exists.

For example, if there are many links on your website, then you can simply send HEAD requests to them respectively to determine whether there are dead links, which is much faster than using GET.

http response structure

When the browser sends an HTTP request, the server will respond to the request with an HTTP response. If you don’t care about the content, the request would look like this:

The first valuable information is the agreement. Currently, servers use HTTP/1.x or HTTP/1.1.

The next short message represents the status. Code 200 means that our request has been sent successfully, and the server will return the document we requested, after the header information.

We’ve all seen the “Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production” page. When I request a non-existent path from the server, the server responds to us with Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production instead of 200.

The rest of the response content is similar to the HTTP request. These are about server software, when the page/file was modified, mime type, etc...

Again, these headers are optional.

HTTP status code

• 200 is used to indicate successful request.
• 300 to indicate redirection.
• 400 is used to indicate a problem with the request.
• 500 is used to indicate a problem with the server.

200 Success (OK)

As mentioned earlier, 200 is used to indicate that the request is successful.

206 Partial Content

If an application only requests files within a certain range, 206 will be returned.

This is usually used for download management, resuming downloads or downloading files in chunks.

Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production Not Found

Easy to understand

Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production Unauthorized

Password protected pages will return this status. If you do not enter the correct password, you will see the following message in your browser:

Note that this is only a password-protected page. The pop-up box requesting a password looks like this:

403 Forbidden

If you do not have permission to access a page, a 403 status will be returned. This usually happens when you try to open a folder that doesn't have an index page. If the server settings do not allow viewing the directory contents, then you will see a 403 error.

Some other ways will also send permission restrictions, for example you can block by IP address, which requires some help from htaccess.

<font face="NSimsun">order allow,deny<br>deny from 192.168.44.201<br>deny from 224.39.163.12<br>deny from 172.16.7.92<br>allow from all</font>

302 (or 307) Moved Temporarily and 301 Moved Permanently

These two states will appear when the browser redirects. For example, you use a URL shortening service like bit.ly. This is how they learn who clicked on their links.

302 and 301 are very similar for browsers, but there are some differences for search engine crawlers. For example, if your website is under maintenance, then you will redirect the client browser to another address with a 302. Search engine crawlers will re-index your page in the future. But if you use a 301 redirect, you are telling the search engine crawlers that your website has been permanently moved to a new address.

500 Internal Server Error

This code usually appears when the page script crashes. Most CGI scripts do not output error messages to the browser like PHP does. If a fatal error occurs, they simply send a 500 status code. At this time, you need to check the server error log to troubleshoot.

Full list

You can find the complete description of HTTP status codes here .

HTTP request in HTTP Headers

Now let’s look at some common HTTP request information found in HTTP headers.

All these header information can be found in PHP’s $_SERVER array. You can also use the getallheaders() function to get all header information at once.

Host

An HTTP request will be sent to a specific IP address, but most servers have the ability to host multiple websites under the same IP address, so the server must know which domain name the browser is requesting for resources.

<font face="NSimsun">Host: rlog.cn<code><font face="NSimsun">Host: rlog.cn</font>

This is just the base hostname, including the domain and subdomains.

In PHP, you can view it through $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'].

User-Agent

<font face="NSimsun">User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (. NET CLR 3.5.30729)<code><font face="NSimsun">User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)</font>

This header can carry the following information:

• Browser name and version number.
• Operating system name and version number.
• Default language.

This is a common method some websites use to collect visitor information. For example, you can determine if a visitor is accessing your site from a mobile phone and decide whether to direct them to a mobile site that performs well at lower resolutions.

In PHP, you can get the User-Agent through $_SERVER['HTTP_USER_AGENT']

<font face="NSimsun">if ( strstr($_SERVER['HTTP_USER_AGENT'],'MSIE 6') ) {<br>echo "Please stop using IE6!";<br> }<code><font face="NSimsun">if ( strstr($_SERVER['HTTP_USER_AGENT'],'MSIE 6') ) {<br>echo "Please stop using IE6!";<br>}</font>

Accept-Language

<font face="NSimsun">Accept-Language: en-us,en;q=0.5<code><font face="NSimsun">Accept-Language: en-us,en;q=0.5</font>

This information describes the user's default language setting. If the website has different language versions, then this information can be used to redirect the user's browser.

It can carry multiple languages ​​by comma separation. The first one will be the preferred language, and other languages ​​will carry a "q" value to indicate the user's preference for the language (0~1).

Use $_SERVER["HTTP_ACCEPT_LANGUAGE"] in PHP to get this information.

<font face="NSimsun">if (substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) == 'fr') {<br>header('Location: http:// french.mydomain.com');<br>}<code><font face="NSimsun">if (substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) == 'fr') {<br>header('Location: http://french.mydomain.com');<br>}</font>

Accept-Encoding

<font face="NSimsun">Accept-Encoding: gzip,deflate<code><font face="NSimsun">Accept-Encoding: gzip,deflate</font>

Most modern browsers support gzip compression and will report this information to the server. At this time, the server will send the compressed HTML to the browser. This can reduce file size by nearly 80% to save download time and bandwidth.

In PHP you can use $_SERVER["HTTP_ACCEPT_ENCODING"] to get this information. Then calling the ob_gzhandler() method will automatically detect this value, so you don’t need to manually detect it.

<font face="NSimsun">// enables output buffering<br>// and all output is compressed if the browser supports it<br>ob_start('ob_gzhandler');<code><font face="NSimsun">// enables output buffering<br>// and all output is compressed if the browser supports it<br>ob_start('ob_gzhandler');</font>

If-Modified-Since

If a page has been cached in your browser, then the next time you browse the browser will detect whether the document has been modified, then it will send such a header:

<font face="NSimsun">If-Modified-Since: Sat, 28 Nov 2009 06:38:19 GMT<code><font face="NSimsun">If-Modified-Since: Sat, 28 Nov 2009 06:38:19 GMT</font>

If it has not been modified since this time, the server will return "304 Not Modified" and no more content will be returned. The browser will automatically read the content from the cache

In PHP, you can use $_SERVER['HTTP_IF_MODIFIED_SINCE'] to detect.

<font face="NSimsun">// assume $last_modify_time was the last the output was updated<br>// did the browser send If-Modified-Since header?<br>if(isset ($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {<br>// if the browser cache matches the modify time<br>if ($last_modify_time == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {<br>// send a 304 header, and no content<br>header("HTTP/1.1 304 Not Modified");<br>exit;<br>}<br>}<code><font face="NSimsun">// assume $last_modify_time was the last the output was updated<br>// did the browser send If-Modified-Since header?<br>if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {<br>// if the browser cache matches the modify time<br>if ($last_modify_time == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {<br>// send a 304 header, and no content<br>header("HTTP/1.1 304 Not Modified");<br>exit;<br>}<br>}</font>

There is also an HTTP header called Etag, which is used to determine whether the cached information is correct. We will explain it later.

Cookie

As the name suggests, it will send the cookie information stored in your browser to the server.

<font face="NSimsun">Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120; foo=bar<code><font face="NSimsun">Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120; foo=bar</font>

It is a set of name-value pairs separated by semicolons. Cookies can also contain session ids.

In PHP, a single cookie can be obtained by accessing the $_COOKIE array. You can directly use the $_SESSION array to get the session variable. If you need session id, then you can use session_id() function instead of cookie.

<font face="NSimsun">echo $_COOKIE['foo'];<br>// output: bar<br>echo $_COOKIE['PHPSESSID'];<br>// output: r2t5uvjq435r4q7ib3vtdjq120<br>session_start();<br>echo session_id();<br>// output: r2t5uvjq435r4q7ib3vtdjq120</font>

Referer

As the name suggests, the header will contain referring url information.

For example, if I visit the Nettuts homepage and click on a link, this header information will be sent to the browser:
<font face="NSimsun">Referer: http://net.tutsplus.com/ </font>

In PHP, this value can be obtained via $_SERVER['HTTP_REFERER'].

<font face="NSimsun">if (isset($_SERVER['HTTP_REFERER'])) {<code><font face="NSimsun">if (isset($_SERVER['HTTP_REFERER'])) {<br>$url_info = parse_url($_SERVER['HTTP_REFERER']);<br>// is the surfer coming from Google?<br>if ($url_info['host'] == 'www.google.com') {<br>parse_str($url_info['query'], $vars);<br>echo "You searched on Google for this keyword: ". $vars['q'];<br>}<br>}<br>// if the referring url was:<br>// http://www.google.com/search?source=ig&hl=en&rlz=&=&q=http headers&aq=f&oq=&aqi=g-p1g9<br>// the output will be:<br>// You searched on Google for this keyword: http headers</font>$url_info = parse_url($_SERVER['HTTP_REFERER']);

// is the surfer coming from Google?

if ($url_info['host'] == 'www.google.com') {

parse_str($url_info['query'], $vars);

echo "You searched on Google for this keyword: ". $vars['q'];

}

}

// if the referring url was:

// http://www. google.com/search?source=ig&hl=en&rlz=&=&q=http headers&aq=f&oq=&aqi=g-p1g9<font face="NSimsun">Authorization: Basic bXl1c2VyOm15cGFzcw==</font>// the output will be:

// You searched on Google for this keyword: http headers

You may have noticed the word “referrer” is misspelled as “referer”. Unfortunately it made into the official HTTP specifications like that and got stuck.

Authorization

When a page requires authorization, the browser will pop up a login window. After entering the correct account number, the browser will send an HTTP request, but this time it will include such a header:

This part of the information contained in the header is base64 encoded. For example, base64_decode(‘bXl1c2VyOm15cGFzcw==’) will be converted to ‘myuser:mypass’. In PHP, this value can be obtained using $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']. We will explain more details in the WWW-Authenticate section. HTTP response in HTTP Headers Now let me understand the HTTP response information in some common HTTP Headers. In PHP, you can set header response information through

header()

. PHP has automatically sent some necessary header information, such as loaded content, setting cookies, etc... You can see what has been sent and what will be sent through the

headers_list()

function header information. You can also use the

<font face="NSimsun">Cache-Control: max-age=3600, public</font>headers_sent()

function to check whether the header information has been sent.

Cache-Control

w3.org's definition is: "The Cache-Control general-header field is used to specify directives which MUST be obeyed by all caching mechanisms along the request/response chain." where "caching mechanisms" contains some of the information your ISP may Gateway and proxy information will be used. <font face="NSimsun">Cache-Control: no-cache </font>

For example:

<font face="NSimsun">Cache-Control: max-age=3600, public<font color="#6466b3"></font></font> "Public" means that this response can be cached by anyone, and "max-age" indicates the number of seconds that the cache will be valid. Allowing your website to be cached greatly reduces download time and bandwidth, while also improving browser loading speeds.

You can also disable caching by setting the "no-cache" directive:

<font face="NSimsun">Cache-Control: no-cache </font>

<font face="NSimsun">Content-Type: text/html; charset=UTF-8</font>For more details, please visit

w3.org. Content-Type

This header contains the "mime-type" of the document. The browser will use this parameter to decide how to parse the document. For example, an html page (or php page with html output) would return something like this: <font face="NSimsun">Content-Type: text/html; charset=UTF-8</font>

<font face="NSimsun">Content-Type: image/gif</font>‘text’ is the document type and ‘html’ is the document subtype. This header also includes more information, such as charset.

If it is an image, this response will be sent: <font face="NSimsun">Content-Type: image/gif</font> The browser can decide to use an external program or its own extension to open the document through the mime-type. The following example calls Adobe Reader:

<font face="NSimsun">Content-Type: application/pdf</font>

Direct loading, Apache usually automatically determines the mime-type of the document and adds appropriate information to the header. And most browsers have a certain degree of fault tolerance. They will automatically detect mime-type when the information is not provided in the header or is incorrectly provided.

You can find a list of commonly used mime-types here.

In PHP you can use finfo_file() to detect the ime-type of the file.

Content-Disposition

This header will tell the browser to open a file download window instead of trying to parse the contents of the response. For example:

<font face="NSimsun">Content-Disposition: attachment; filename="download.zip"<code><font face="NSimsun">Content-Disposition: attachment; filename="download.zip"</font>

It will cause the browser to display a dialog box like this:

Note that the appropriate Content-Type header will also be sent

<font face="NSimsun">Content-Type: application/zip<br>Content-Disposition: attachment; filename="download.zip"<code><font face="NSimsun">Content-Type: application/zip<br>Content-Disposition: attachment; filename="download.zip"</font>

Content-Length

When content is to be transmitted to the browser, the server can use this header to inform the browser of the size (bytes) of the file to be transmitted.

<font face="NSimsun">Content-Length: 89123<code><font face="NSimsun">Content-Length: 89123</font>

This information is quite useful for file downloading. This is why the browser knows the progress of the download.

For example, here I wrote a dummy script to simulate a slow download.

<font face="NSimsun">// it's a zip file<br>header('Content-Type: application/zip');<br>// 1 million bytes (about 1megabyte) <br>header('Content-Length: 1000000');<br>// load a download dialogue, and save it as download.zip<br>header('Content-Disposition: attachment; filename="download .zip"');<br>// 1000 times 1000 bytes of data<br>for ($i = 0; $i <span style="WHITE- SPACE: pre"><code><font face="NSimsun">// it's a zip file<br>header('Content-Type: application/zip');<br>// 1 million bytes (about 1megabyte)<br>header('Content-Length: 1000000');<br>// load a download dialogue, and save it as download.zip<br>header('Content-Disposition: attachment; filename="download.zip"');<br>// 1000 times 1000 bytes of data<br>for ($i = 0; $i <span style="WHITE-SPACE: pre"></span>echo str_repeat(".",1000);<br><span style="WHITE-SPACE: pre"></span>// sleep to slow down the download<br><span style="WHITE-SPACE: pre"></span>usleep(50000);<br>}</font>echo str_repeat(".",1000);

// sleep to slow down the download

usleep(50000);
}

The result will be like this:

<font face="NSimsun">// it's a zip file<br>header('Content-Type: application/zip');<br>// the browser won't know the size<br>// header('Content-Length: 1000000');<br>// load a download dialogue, and save it as download.zip<br>header('Content-Disposition: attachment; filename="download.zip"');<br>// 1000 times 1000 bytes of data<br>for ($i = 0; $i <span style="WHITE-SPACE: pre"></span>echo str_repeat(".",1000);<br><span style="WHITE-SPACE: pre"></span>// sleep to slow down the download<br><span style="WHITE-SPACE: pre"></span>usleep(50000);<br>}</font>Now I comment out the Content-Length header:

<font face="NSimsun">// it's a zip file<br>header('Content-Type: application/zip');<br>// the browser won't know the size<br>// header('Content-Length: 1000000');<br>// load a download dialogue, and save it as download.zip<br>header('Content-Disposition: attachment; filename ="download.zip"');<br>// 1000 times 1000 bytes of data<br>for ($i = 0; $i <span style="WHITE-SPACE: pre"></span></font>

echo str_repeat(".",1000);

// sleep to slow down the download
/>usleep(50000);
}

The result becomes this:

This browser will only tell you how much has been downloaded, but not how much needs to be downloaded in total. And the progress bar will not show the progress. <font face="NSimsun">Etag: "pub1259380237;gz"</font>

Etag

This is another header generated for caching. It will look like this: <font face="NSimsun">Etag: "pub1259380237;gz"</font>

<font face="NSimsun">If-None-Match: "pub1259380237;gz"</font>

The server may respond to the browser with this information along with each file sent. The value can contain the document's last modification date, file size, or file checksum. Browsing caches it along with the received document. The next time the browser requests the same file again it will send the following HTTP request:

<font face="NSimsun">If-None-Match: "pub1259380237;gz"<p></p></font>

If the Etag value of the requested document is consistent with it, the server will send a 304 status code instead of 2oo. and does not return content. The browser will now load the file from the cache. <font face="NSimsun">Last-Modified: Sat, 28 Nov 2009 03:50:37 GMT</font>

Last-Modified

<font face="NSimsun">$modify_time = filemtime($file);<br>header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modify_time) . " GMT");</font>As the name suggests, this header information indicates the last modification time of the document in GMT format:

<font face="NSimsun">Last-Modified: Sat, 28 Nov 2009 03:50:37 GMT</font>

<font face="NSimsun">$modify_time = filemtime($file);<br>header("Last-Modified: " . gmdate("D, d M Y H:i:s", $ modify_time) . " GMT");</font> It provides an alternative caching mechanism. The browser may send a request like this:

<font face="NSimsun">If-Modified-Since: Sat, 28 Nov 2009 06:38:19 GMT</font>

We have already discussed this in the If-Modified-Since section.

Location

This header is used for redirection. If the response code is 301 or 302, the server must send this header. For example, when you visit http://www.nettuts.com your browser will receive the following response:

<font face="NSimsun">HTTP/1.x 301 Moved Permanently<br>...<br>Location: http://net.tutsplus.com/<br>...</font>

In PHP you can redirect visitors this way:
<font face="NSimsun">header('Location: http://net.tutsplus.com/');</font>

By default, 302 status code will be sent. If you want to send 301, just write like this:

<font face="NSimsun">header('Location: http://net.tutsplus.com/', true, 301);</font>

Set-Cookie

When a website needs to set or update the cookie information you browse, it will use a header like this:

<font face="NSimsun">Set-Cookie: skin=noskin; path=/; domain=.amazon.com; expires=Sun, 29-Nov-2009 21:42:28 GMT<code><font face="NSimsun">Set-Cookie: skin=noskin; path=/; domain=.amazon.com; expires=Sun, 29-Nov-2009 21:42:28 GMT<br>Set-Cookie: session-id=120-7333518-8165026; path=/; domain=.amazon.com; expires=Sat Feb 27 08:00:00 2010 GMT</font>Set-Cookie: session-id=120-7333518-8165026; path=/; domain=.amazon.com; expires=Sat Feb 27 08:00:00 2010 GMT

Each cookie will be used as a separate header information. Note that setting cookies through js will not be reflected in the HTTP header.

In PHP, you can set cookies through the setcookie()

function, and PHP will send the appropriate HTTP headers.

<font face="NSimsun">setcookie("TestCookie", "foobar");</font><font face="NSimsun">setcookie("TestCookie", "foobar");</font>

It will send header information like this:

<font face="NSimsun">Set-Cookie: TestCookie=foobar</font><font face="NSimsun">Set-Cookie: TestCookie=foobar</font>

If no expiration time is specified, the cookie will be deleted after the browser is closed.

WWW-Authenticate

A website may send this header over HTTP to authenticate the user. When the browser sees this response in the header, it opens a pop-up window.

<font face="NSimsun">WWW-Authenticate: Basic realm="Restricted Area"</font><font face="NSimsun">WWW-Authenticate: Basic realm="Restricted Area"</font>

It will look like this:

In the chapter of the

PHP manual, there is a simple code that demonstrates how to do such a thing with PHP:

<font face="NSimsun">if (!isset($_SERVER['PHP_AUTH_USER'])) {<br>header('WWW-Authenticate: Basic realm="My Realm"');<br>header('HTTP/1.0 Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production Unauthorized');<br>echo 'Text to send if user hits Cancel button';<br>exit;<br>} else {<br>echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";<br>echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";<br>}</font><font face="NSimsun">if (!isset($_SERVER['PHP_AUTH_USER'])) {</font>

header('WWW-Authenticate: Basic realm="My Realm"');

header('HTTP/1.0 Understand all aspects of HTTP Headers Picture and text description_HTML/Xhtml_Web page production Unauthorized');

echo 'Text to send if user hits Cancel button';

exit;

} else {

echo "

Hello { $_SERVER['PHP_AUTH_USER']}.

";<font face="NSimsun">Content-Encoding: gzip</font>echo "

You entered {$_SERVER['PHP_AUTH_PW']} as your password.

"; }

Content-Encoding This header is usually set when the returned content is compressed.

<font face="NSimsun">Content-Encoding: gzip</font>

In PHP, if you call the

ob_gzhandler() function, this header will be set automatically.

Original address: http://css9.net/all-about-http-headers/