Guide
HTTP Request Headers Explained
HTTP request headers are name/value fields your browser, app, proxy, or network sends with a request.
Last reviewed: June 12, 2026
Quick reference
Common headers
- Host
- The hostname the client is trying to reach.
- User-Agent
- Client-supplied software string for compatibility and logging.
- Accept-Language
- Preferred languages for responses.
- X-Forwarded-For
- Proxy-provided client address chain when the proxy path is trusted.
- Cookie
- Can contain session identifiers and should be redacted by diagnostic tools.
- Authorization
- Can contain credentials or bearer tokens and should not be exposed.
Advertisement
Guide
Common request headers
Headers can describe accepted content types, accepted languages, compression support, user-agent details, host name, and proxy forwarding information.
Developers use headers to debug routing, caching, localization, authentication, proxies, and API clients.
Guide
Sensitive values
Some headers can contain secrets, including Authorization, Cookie, and API key headers.
ShowIP redacts sensitive header values from the public /headers endpoint, but you should still avoid sending secrets to diagnostic tools unless you control the environment.
Reference
Key terms
- Header
- A request metadata field
- X-Forwarded-For
- Proxy header that may include original client addresses
- Redaction
- Replacing sensitive values before display
Examples
Examples
Accept-Language
da-DK,da;q=0.9,en-US;q=0.8
Language preferences sent by the client.
View your request headers
Accept-Encoding
gzip, deflate, br, zstd
Compression formats the client can receive.
View your request headers
Client hints
Sec-CH-UA-Platform
Structured platform hints can appear when supported and requested.
Next steps
Related guides and tools
Questions
FAQ
Are request headers private?
No. Headers are sent to the server handling the request. Some can contain sensitive data, so diagnostic tools should redact known secret-bearing headers.
Can X-Forwarded-For be trusted?
Only when it comes from a trusted proxy path. Otherwise clients can send or alter forwarding headers.
Sources