HTTP Headers
General Headers: Appear in both HTTP requests and responses. They describe the message, not its contents.
Date
Connection: close, keep-alive.
Entity Headers: Like general headers, found in both requests and responses. They describe the content (entity) transferred by a message. Most often found in responses and in POST and PUT requests.
Content-Type: text/html. Describes the type of resource being transferred.
Media-Type: application/pdf. Describes the data being transferred and plays an important role in getting the server to interpret our input. The charset field indicates the encoding standard being used (ex: UTF-8).
Boundary: boundary="b4e4fbd9340". Used to separate content when there is more than one part in the same message. For example, within form data, the boundary --b4e4fbd93540 separates the different parts of the form.
Content-Length: Holds the size of the entity being sent. Necessary since the server uses it to know how many bytes of the message body to read; it is generated automatically by the browser (or tools like cURL).
Request Headers: Sent by the client. Used only in requests and are not related to the content of the message.
Host: States the host that resources are being requested from. Ex: google.com or an IP address. Since servers can be configured to host multiple different sites that are accessed via hostname, this header is important for enumeration because it can tell us whether other hosts exist on the target server.
User-Agent: Describes the client that is making the request. Can reveal quite a bit about the client, such as the browser, its version, and the operating system.
Referer: Where the current request is coming from, meaning that if you follow a link from Google, the referer would be google.com. Trusting this header can be dangerous because it is easily manipulated.
Cookie: Contains cookie-value pairs in the name=value format. Cookies are stored on both the client and server side and act as identifiers. They can also save user preferences and provide session tracking. Multiple cookies can exist within a single header and are separated by a semicolon.
Authorization: Another way a server can identify a client. Once authenticated, the server returns a token unique to the client. Unlike cookies, tokens are stored on the client-side only and retrieved by the server upon request. Different types of authentication exist based on the webserver and application type used.
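The entity and request headers above are easiest to understand by parsing a raw request the way a server does: read exactly Content-Length bytes of body, take the media type, charset and boundary out of Content-Type, split a multipart body on the boundary, and break the Cookie header into name=value pairs. The following is an added example, not code from the original notes; the request, cookie values and the boundary string are constructed for it (the boundary reuses the value quoted in the Boundary entry above).

```python
"""Parse a raw HTTP request: Content-Length delimits the body, Content-Type
carries the media type / charset / boundary, and Cookie holds name=value pairs.
Added example on a constructed request; not from the original notes."""
import re

# Constructed multipart body (form field + file upload) using the notes' boundary.
BODY = (
    b"--b4e4fbd93540\r\n"
    b'Content-Disposition: form-data; name="username"\r\n'
    b"\r\n"
    b"alice\r\n"
    b"--b4e4fbd93540\r\n"
    b'Content-Disposition: form-data; name="file"; filename="notes.txt"\r\n'
    b"Content-Type: text/plain; charset=UTF-8\r\n"
    b"\r\n"
    b"hello world\r\n"
    b"--b4e4fbd93540--\r\n"
)

# Constructed request. The trailing GET line sits *after* Content-Length bytes,
# so a correct parser must leave it for the next message rather than swallow it.
RAW_REQUEST = (
    b"POST /upload HTTP/1.1\r\n"
    + b"Host: example.com\r\n"
    + b"Cookie: session=abc123; theme=dark\r\n"
    + b"Content-Type: multipart/form-data; boundary=b4e4fbd93540\r\n"
    + b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    + b"\r\n"
    + BODY
    + b"GET / HTTP/1.1\r\n"
)


def parse_request(raw: bytes):
    """Return (request line, headers dict, body, unread remainder)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode().partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    # Exactly Content-Length bytes belong to this message; the rest does not.
    return lines[0].decode(), headers, rest[:length], rest[length:]


def parse_content_type(value: str):
    """'multipart/form-data; boundary=x; charset=UTF-8' -> (media type, params)."""
    media_type, *params = [p.strip() for p in value.split(";")]
    parsed = {}
    for p in params:
        key, _, val = p.partition("=")
        parsed[key.strip().lower()] = val.strip().strip('"')
    return media_type.lower(), parsed


def parse_multipart(body: bytes, boundary: str):
    """Split a multipart body on --boundary and return one dict per part."""
    delim = b"--" + boundary.encode()
    parts = []
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter: --boundary--
            break
        chunk = chunk.removeprefix(b"\r\n").removesuffix(b"\r\n")
        part_head, _, data = chunk.partition(b"\r\n\r\n")
        part_headers = {}
        for line in part_head.decode().split("\r\n"):
            key, _, val = line.partition(":")
            part_headers[key.strip().lower()] = val.strip()
        disp = part_headers.get("content-disposition", "")
        name = re.search(r'(?:^|;)\s*name="([^"]*)"', disp)
        filename = re.search(r'filename="([^"]*)"', disp)
        parts.append({
            "name": name.group(1) if name else None,
            "filename": filename.group(1) if filename else None,
            "content_type": part_headers.get("content-type"),
            "data": data,
        })
    return parts


def parse_cookies(value: str):
    """'session=abc123; theme=dark' -> {'session': 'abc123', 'theme': 'dark'}."""
    cookies = {}
    for pair in value.split(";"):
        name, _, val = pair.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies


if __name__ == "__main__":
    line, hdrs, body, remainder = parse_request(RAW_REQUEST)
    media, params = parse_content_type(hdrs["content-type"])
    print(line, media, params, parse_cookies(hdrs["cookie"]))
    for part in parse_multipart(body, params["boundary"]):
        print(part)
    print("left for next message:", remainder)
```

The remainder returned by parse_request is the part worth noticing: whatever follows the Content-Length bytes is treated as the start of the next message, which is why a wrong or conflicting length is a correctness problem and not just a cosmetic one.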
Response Headers: Used only in HTTP responses and do not relate to the content. Response headers provide more context about the response.
Server: Contains information about the HTTP server that processed the request, such as its software name and version, which is useful for further enumeration.
Set-Cookie: Contains the cookie needed for client identification. Follows the same format as the Cookie request header.
WWW-Authenticate: Informs the client of the type of authentication required to access a resource.
Security Headers: A class of response headers used to specify certain rules and policies that need to be followed by the browser while accessing the website.
Content-Security-Policy: Sets the policy towards externally injected resources. Instructs the browser to accept resources only from certain trusted domains. Used to prevent Cross-Site Scripting (XSS).
Strict-Transport-Security: Prevents the browser from accessing the site using HTTP and forces HTTPS. Prevents sniffing of protected information such as passwords and other sensitive data.
Referrer-Policy: States whether or not the browser should include the value specified by the Referer header. Helps in avoiding disclosure of sensitive URLs and other information while browsing the website.
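A practical way to check the response and security headers described above is to audit a raw response for them: a missing or weak Content-Security-Policy, a Strict-Transport-Security max-age shorter than a year, a Referrer-Policy that still sends the full URL to other origins, a Set-Cookie without Secure/HttpOnly, and a Server header that leaks a version. The code below is an added example, not from the original notes; both responses, the cookie names and the server strings are constructed for it, and the one-year threshold for max-age is the example's own choice.

```python
"""Audit a raw HTTP response for the security headers discussed above.
Added example on constructed responses; not from the original notes."""
import re

ONE_YEAR = 31536000  # seconds; threshold chosen for this example

# Constructed response with weak settings.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: sid=abc123; Path=/\r\n"
    "Content-Security-Policy: default-src 'self' 'unsafe-inline'\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Referrer-Policy: unsafe-url\r\n"
    "\r\n"
    "<html><body>weak</body></html>"
)

# Constructed response with the same headers set conservatively.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
    "<html><body>hardened</body></html>"
)


def parse_response(raw: str):
    """Return (status line, list of (name, value), body). A list is used
    because Set-Cookie may legitimately appear several times."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def values(headers, name):
    return [v for n, v in headers if n == name]


def parse_csp(policy: str):
    """'default-src 'self'; script-src cdn' -> {directive: [sources]}"""
    directives = {}
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit(raw: str):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    _, headers, _ = parse_response(raw)

    for server in values(headers, "server"):
        if re.search(r"\d", server):            # a digit usually means a version
            findings.append(f"Server header discloses version: {server}")

    csp = values(headers, "content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        d = parse_csp(csp[0])
        script_src = d.get("script-src", d.get("default-src", []))  # script-src falls back to default-src
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if weak in script_src:
                findings.append(f"CSP permits {weak} for scripts")

    hsts = values(headers, "strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age shorter than one year")

    policy = values(headers, "referrer-policy")
    if not policy:
        findings.append("missing Referrer-Policy")
    elif policy[0].lower() in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append(f"Referrer-Policy {policy[0]} sends full URL to other origins")

    for cookie in values(headers, "set-cookie"):
        name = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        for attr in ("secure", "httponly"):
            if attr not in attrs:
                findings.append(f"cookie {name} lacks {attr}")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp))
```

Run against a real server, the same audit function can be fed the bytes returned by cURL's -i option; the checks are deliberately conservative (a digit in Server, any unsafe-* source in the script policy) so that a clean result is a reasonable baseline rather than a proof of safety.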