Overview
How to configure custom request and response headers in Traefik Hub.
Introduction
API headers, also known as HTTP headers, are essential components of the communication process between a client (for example, a web or mobile application) and a server via an API (Application Programming Interface). These headers are metadata included in the HTTP requests and responses, providing crucial information to facilitate the exchange of data and instructions.
Request headers convey details about the client's preferences, authentication, and other key aspects, while response headers offer insights into the server's status, the format of the data, and caching directives.
Request headers
API request headers are a set of metadata sent by the client (typically a web or mobile application) to an API (Application Programming Interface) when making an HTTP request.
These headers provide important information about the request and help the server understand how to process it.
Request headers play a crucial role in communicating client preferences, authentication, and other relevant details to the API server.
Here are some common API request headers and their purposes:
- Authorization: This header is used to send authentication credentials to the API server, such as an API key, token, or username and password. It verifies the client's identity and permissions.
- Content-Type: This header specifies the format of the data being sent in the request body. Common values include "application/json" for JSON data, "application/xml" for XML, and "application/x-www-form-urlencoded" for form data.
- Accept: The "Accept" header specifies the media types that the client can understand in the response. It tells the server what content type the client prefers in the response.
- User-Agent: This header provides information about the client application making the request. It can include the application's name, version, and sometimes the device or platform information. It helps the server understand the client's capabilities.
- Cookie: When the client needs to send cookies to the server, it includes this header with the cookie data.
- Referer: This header indicates the URL of the web page that led to the current request. It's used for tracking and analytics purposes and can be used for security, such as preventing cross-site request forgery (CSRF) attacks.
- Host: The "Host" header specifies the domain name or IP address of the server that the client is trying to access. This header is essential for virtual hosting on web servers that host multiple websites on the same IP address.
- If-Modified-Since: This header is used to make conditional requests. It tells the server to send the requested resource only if it has been modified since the specified date and time.
- Origin: This header is used in cross-origin requests (CORS) to indicate the origin of the client. It helps the server determine whether the client's domain is allowed to access the API.
- X-Requested-With: This header is often used to indicate the type of request being made, such as "XMLHttpRequest" for AJAX requests. It's not a standard HTTP header but is commonly used in web applications.
Request headers are essential for instructing the API server on how to handle the incoming request, including authentication, data format, and client preferences.
The specific headers used can vary depending on the API and the requirements of the application.
Response headers
API response headers are metadata included in the response sent by a server when you make a request to an API (Application Programming Interface).
These headers provide important information about the response, such as the status of the request, the format of the data, caching instructions, and more.
Response headers are a critical part of the HTTP protocol and play a crucial role in how web applications and APIs communicate.
Here are some common API response headers and their purposes:
- HTTP Status Code: This is one of the most important parts of the response header. It indicates whether the request was successful, encountered an error, or requires further action. For example, a status code of 200 means success, while a 404 code means the requested resource was not found.
- Content-Type: This header specifies the format of the data in the response body. It helps the client know how to parse and interpret the data. Common values include "application/json" for JSON data, "text/html" for HTML, and "application/xml" for XML.
- Content-Length: This header indicates the size of the response body in bytes. It's helpful for clients to allocate the right amount of memory for processing the response.
- Cache-Control: This header provides directives for caching mechanisms, instructing the client or intermediary proxies on how to store and manage the response. It can include directives like "no-cache" (don't cache the response) or "max-age" (specifying how long the response can be cached).
- Access-Control-Allow-Origin: This header is important for cross-origin requests (CORS) and specifies which origins are allowed to access the API. It helps prevent unauthorized access to your API from different domains.
- Location: This header is often used in redirect responses (status codes like 301 or 302) and provides the URL to which the client should make a subsequent request.
- ETag: The "ETag" header is used for caching and can help the client determine if the content of a resource has changed. It's often used with conditional requests.
- Set-Cookie: When the API needs to set cookies in the client's browser, this header is used to provide cookie data.
- Date: This header provides the timestamp when the response was generated by the server.
- Server: It specifies information about the web server software being used, though it's often limited or obfuscated for security reasons.
These are some of the common response headers you might encounter in API interactions. The specific headers used can vary depending on the API and the requirements of the application.
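The Origin request header and the Access-Control-Allow-Origin response header described above work as a pair. The following Python example is added here for illustration and is not Traefik Hub code or configuration; it shows a server-side decision that answers an incoming Origin with an exact-match allowlist. The allowlist entries and the function names `normalize_origin` and `cors_response_headers` are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: exact scheme://host[:port] entries, no wildcards.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com:8443"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return canonical 'scheme://host[:port]', or None if value is not a plain web origin."""
    if not value or value == "null":
        return None  # opaque origins (sandboxed frames, file:) are never allowlisted
    try:
        parts = urlsplit(value)
        host, port = parts.hostname, parts.port
    except ValueError:
        return None  # malformed port or bracketed host
    if parts.scheme not in DEFAULT_PORTS or not host:
        return None
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None  # an Origin value carries no userinfo, path, query or fragment
    origin = f"{parts.scheme}://{host}"
    if port is not None and port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{port}"
    return origin


def cors_response_headers(request_headers, allow_credentials=False):
    """Build the CORS-related response headers for one request (hypothetical helper)."""
    # The response differs per origin, so shared caches must key on Origin.
    headers = {"Vary": "Origin"}
    origin = normalize_origin(request_headers.get("Origin"))
    if origin in ALLOWED_ORIGINS:  # exact match only: no prefix, suffix or regex tests
        # Echo the single matched origin instead of "*", which browsers refuse
        # to combine with credentialed requests.
        headers["Access-Control-Allow-Origin"] = origin
        if allow_credentials:
            headers["Access-Control-Allow-Credentials"] = "true"
    return headers
```

These headers only tell a browser which cross-origin reads to permit; clients that are not browsers ignore them, so the API still needs to check the Authorization header on every request.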