ShowIP.net Public IP and request tools

Guide

HTTP Request Headers Explained

HTTP request headers are name/value fields your browser, app, proxy, or network sends with a request.

Last reviewed: June 12, 2026

View request headers

Quick reference

Common headers

Host
The hostname the client is trying to reach.
User-Agent
Client-supplied software string for compatibility and logging.
Accept-Language
Preferred languages for responses.
X-Forwarded-For
Proxy-provided client address chain when the proxy path is trusted.
Cookie
Can contain session identifiers and should be redacted by diagnostic tools.
Authorization
Can contain credentials or bearer tokens and should not be exposed.

Advertisement

Guide

Common request headers

Headers can describe accepted content types, accepted languages, compression support, user-agent details, host name, and proxy forwarding information.

Developers use headers to debug routing, caching, localization, authentication, proxies, and API clients.

Guide

Sensitive values

Some headers can contain secrets, including Authorization, Cookie, and API key headers.

ShowIP redacts sensitive header values from the public /headers endpoint, but you should still avoid sending secrets to diagnostic tools unless you control the environment.

Reference

Key terms

Header
A request metadata field
X-Forwarded-For
Proxy header that may include original client addresses
Redaction
Replacing sensitive values before display

Examples

Examples

Client hints

Sec-CH-UA-Platform Structured platform hints can appear when supported and requested.

Next steps

Questions

FAQ

Are request headers private?

No. Headers are sent to the server handling the request. Some can contain sensitive data, so diagnostic tools should redact known secret-bearing headers.

Can X-Forwarded-For be trusted?

Only when it comes from a trusted proxy path. Otherwise clients can send or alter forwarding headers.

Sources

References

Advertisement