Browser & Web Server Headers 101


Understanding the basic interaction between a web server and a web browser is critical for a beginning systems administrator or web developer. Basically, text is sent back and forth in a way that is specified by the HTTP protocol. Several versions of the protocol exist, but the details are not required to understand the interaction between a web server and a web browser at a practical level.



When a browser requests a piece of content from a web server the first thing that is sent back are the server headers. These are nothing more than strings of text which are sent from the web server to the browser in a simple format defined by the HTTP protocol. During normal browser usage, the headers cannot be seen by a user, but their browser uses them to determine how it should behave. The headers can be seen with a simple tool called curl or there are plugins for Firefox and other browsers. If you have access to a command line, curl is useful for basic troubleshooting. In the example below, the first two headers are standard, but most others are optional and not all web servers will display them. Furthermore, web servers can be configured to change the headers in many different ways to evoke different reactions from the web browser.



curl -I


HTTP/1.1 200 OK
Date: Fri, 05 Feb 2010 20:00:55 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=911487d635c634f1:TM=1265400055:LM=1265400055:S=iMyMEvC8rK8fQGfg; expires=Sun, 05-Feb-2012 20:00:55 GMT; path=/;
Set-Cookie: NID=31=fONhlSFtNqjoAIg54x7k_ddeSj5D65Y58xmCrfZur0BqX4CC6qvw1mxdj3bDub7BzMT9ky0fZP4PND-4MWIjIbl2i5Ro8wC-ktmDxgAgfGh_DQKU5aFctmH7O5yEZauH; expires=Sat, 07-Aug-2010 20:00:55 GMT; path=/;; HttpOnly
Server: gws
X-XSS-Protection: 0
Transfer-Encoding: chunked


  • HTTP/1.1 200 OK – This indicates that the web server was able to find the content and is delivering it to the browser
  • Date: Fri, 05 Feb 2010 20:00:55 GMT – Date on the web server, specified in the global standard in England
  • Expires: -1 – This indicates that the content expires immediately. This is a newer header that all new browsers listen to (IE7, Firefox, and Safari)
  • Cache-Control: private, max-age=0 – Tells older web browsers; don’t cache this content



Try pulling headers from web servers for several big or small websites. Try to analyze and understand what the headers mean.


Leave a Reply

Your email address will not be published. Required fields are marked *