HTTP Headers - How Websites Actually Talk

Today I finally started to get how the whole browser-to-server interaction works on a deeper level. You know when you visit a website and everything just magically loads? Yeah, turns out there’s a whole conversation happening in the background - and that convo is made up of HTTP headers.
Let me break it down.
Headers - Tiny Messages with Big Meaning
HTTP headers are like the post-it notes attached to web requests and responses. They don’t carry the main content (like a full webpage or image), but they tell both the browser and the server how to deal with that content.
There are request headers (sent from your browser to the server) and response headers (coming back from the server).
Common Request Headers (Browser → Server)
Here are some of the ones I found useful:
User-Agent - tells the server what browser and version you’re using. This helps the site adapt if needed.
Host - identifies the website you’re requesting. Useful if the server hosts multiple sites.
Content-Length - tells the server how much data you're sending (for example, when submitting a form).
Accept-Encoding - lists the compression methods your browser supports (like gzip, br, etc).
Cookie - if you’ve been to the site before, this header quietly sends your ID or session data back to the server.
Common Response Headers (Server → Browser)
These tell the browser how to handle what it receives:
Content-Type - tells the browser what kind of data is coming (HTML? Image? JSON?).
Content-Encoding - says how the content was compressed.
Cache-Control - explains how long the browser can cache the response.
Set-Cookie - this one sets a cookie in your browser. It’s how the server says: “Hey, remember this person!”
Cookies = Server Memory
HTTP is stateless by default, so cookies are how the server “remembers” who you are between visits. You might never enter a name, but the server can still assign you a random ID and say:
“Here, store this cookie. I’ll know it’s you next time.”
And your browser just silently agrees. Kinda spooky, right?
Then Came the Hands-On Part
At the end of the lesson, I got to mess around in a built-in emulator that simulated real HTTP requests. I had to send:
GET requests to fetch data
POST requests to send login info
PUT requests to update stuff
DELETE requests to remove things
You could set parameters like username=admin
or password=letmein
, and watch how everything played out based on the method you used and the data you sent.
Super satisfying, and also kinda addictive once it clicks.
What I Took Away
Headers are tiny, but they carry a ton of meaning
You can be tracked without ever typing anything - all thanks to cookies
Forms send data with POST, and servers often respond with a
Set-Cookie
to remember youMost of the time, your browser’s just quietly handing over details in the background
If you’ve ever wanted to understand what’s really going on when you visit a site - this is it. Headers are the whispers in the hallway between your browser and the server. And now I can read them.
Subscribe to my newsletter
Read articles from Andrii R directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
