How to defend against Account Takeovers
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
HTTP headers are key-value pairs sent at the beginning of a request or response message as part of the HTTP (Hypertext Transfer Protocol). Headers provide information about the request or response, such as the type of browser being used, the type of data being sent, the server's expected behavior, and much more.
HTTP Request Headers
HTTP request headers provide information about the client's request, such as the type of content being sent, preferred languages, authentication details, etc. Here's an example of a typical HTTP request header:
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Here's an explanation of some key request headers:
- GET /index.html HTTP/1.1: The request line, indicating the HTTP method (GET), the requested resource (/index.html), and the HTTP version (1.1).
- Host: The domain name of the server.
- User-Agent: Information about the client's browser and operating system.
- Accept: Specifies the media types that the client can process.
- Accept-Language: Indicates the client's preferred languages.
- Connection: Controls whether the connection should be maintained after the current transaction (e.g., "keep-alive").
HTTP Response Headers
HTTP response headers provide information about the server's response, including the status of the request and details about the data being sent back. Here's an example of a typical HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 02 Aug 2023 08:00:00 GMT
Server: Apache/2.4.7
Last-Modified: Mon, 01 Jul 2023 07:28:00 GMT
Content-Length: 438
Content-Type: text/html; charset=UTF-8
Connection: close
Here's an explanation of some key response headers:
- HTTP/1.1 200 OK: The status line, showing the HTTP version (1.1), status code (200), and reason phrase (OK).
- Date: The date and time the response was sent.
- Server: Information about the server handling the request.
- Last-Modified: The last date the requested resource was modified.
- Content-Length: The size of the response body in bytes.
- Content-Type: The media type of the resource (e.g., text/html).
- Connection: Control information for the connection (e.g., "close" to terminate the connection after the response).
HTTP headers are a vital part of the web's architecture, enabling browsers and servers to exchange information in a standardized way. They help control various aspects of the communication between clients and servers, making the web a flexible and robust platform.
Related Articles
What is an Account Takeover?
An overview of Account Takeover Attacks
Anatomy of a Credential Stuffing Attack
A step-by-step breakdown of how credential stuffing attacks are carried out, from obtaining stolen credentials to bypassing defenses and taking over accounts.
What is Anycast DNS?
An introduction to Anycast DNS
What is an Apex Domain?
A quick description about what an Apex Domain is.
Best Practices for API Key Management and Rotation
Learn the essential best practices for managing and rotating API keys to enhance security, prevent unauthorized access, and minimize the impact of key compromise.