LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What information do common HTTP headers like Host, User-Agent, Server, and Content-Type carry, and why does each matter?

They negotiate context: which site you want, who you are, what software runs the server, and what format the data is in.

Host — Required in HTTP/1.1+

Host: www.example.com

Why it matters: One server IP can host multiple websites (virtual hosting). Without Host, the server wouldn't know which site you mean. Try curl --resolve example.com:80:1.2.3.4 http://example.com/ to test.

User-Agent — Identifies the client

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0

Why it matters: Sites use it to serve mobile vs desktop layouts, detect bots, work around browser quirks. Privacy concern: highly unique User-Agents are used in browser fingerprinting.

Server — Reveals server software

Server: nginx/1.18.0 (Ubuntu)

Why it matters: Security risk — exposes software version, useful for attackers searching for known CVEs. Production servers should hide or generic-ize this header.

Content-Type — How to interpret the body

Content-Type: text/html; charset=utf-8
Content-Type: application/json
Content-Type: image/png

Why it matters: Tells the client what to render or parse. Mismatched Content-Type can cause security issues (XSS via MIME sniffing).

Other useful headers:

Header Purpose
Cookie / Set-Cookie Session state
Authorization Credentials (Basic auth, Bearer tokens)
Cache-Control Caching policy
Referer Previous page (privacy concern)
Accept-Encoding gzip, br, etc.
Content-Length Body size in bytes

Inspecting headers:

curl -v http://example.com
curl -I http://example.com   # HEAD request — headers only

Tip: Hide your Server header in production. nginx: server_tokens off;. Apache: ServerSignature Off and ServerTokens Prod. Reduces info leak to attackers.

Go deeper:

From Quiz: INTROL / Protocol Analysis | Updated: Jul 14, 2026