HTTP Header

Metadata sent alongside HTTP requests and responses. Used for cache control, authentication, specifying redirect destinations, and more.

Nov 6, 2025 · About 1 min read

Redirect

An HTTP header is metadata exchanged between a browser and a server during HTTP communication, separate from the body (the actual content). Think of it like a postal analogy: the body is the letter inside the envelope, and the headers are the sender, recipient, and date printed on the envelope.

HTTP headers are divided into request headers (browser to server) and response headers (server to browser). Common request headers include User-Agent (browser type), Accept (acceptable data formats), and Cookie (stored cookie data). Common response headers include Content-Type (data format), Cache-Control (caching rules), and Location (redirect destination URL).

The redirect mechanism behind short URLs is built entirely on HTTP headers. When you access a short URL, the server returns a 301 or 302 status code with the original URL set in the Location header. The browser reads the Location value and automatically navigates to that page. This process typically completes in under 50 milliseconds.

Security-related HTTP headers are also important. Strict-Transport-Security (HSTS) enforces HTTPS connections, X-Frame-Options prevents clickjacking, and Content-Security-Policy (CSP) mitigates XSS attacks. Properly configuring these headers significantly strengthens a website's security posture.

You can inspect HTTP headers using your browser's developer tools (F12, then the Network tab). To check where a short URL redirects without actually visiting the destination, look at the Location header in the developer tools. Related books are available on Amazon.

Share on X Hatena

Was this article helpful?

Related Terms

HTTP Status Code

A three-digit number returned by a web server indicating the result of a client's request.

Cache

A temporary storage mechanism that saves previously fetched data for faster subsequent access. Browser cache and DNS cache are common examples.

Referrer-Policy

An HTTP header that controls how much referrer information is included when navigating from one page to another.

HSTS

HTTP Strict Transport Security - a header that forces browsers to only connect to a website using HTTPS.

CORS

Cross-Origin Resource Sharing - a browser security mechanism that controls which domains can access resources from another domain.

X-Frame-Options

An HTTP response header that controls whether a browser should allow a page to be displayed in an iframe.

301 vs 302 Redirects - Choosing the Right Type for Short URLs

Understand the differences between 301 and 302 HTTP redirects. Learn how each type affects SEO, analytics, and performance for short URLs.

How URL Shorteners Work - The Technical Side of Redirects

Discover the technical mechanics behind URL shortening: hash generation, database lookups, HTTP redirects, and more. Includes HTTP response examples and base-62 encoding calculations.

What Happens When You Click a Link? A Peek Behind the 0.5-Second Curtain

What happens behind the scenes when you click a link? An adventure-style guide covering DNS, requests, responses, and how URL shortener redirects work.

FAQ

How can I view HTTP headers?

Open your browser's developer tools (F12 in Chrome, then the Network tab). Click any request to see both request and response headers. You can also use the curl command with the -I flag.

What is the relationship between the Location header and redirects?

When a server returns a 301 or 302 status code, it specifies the destination URL in the Location header. The browser reads this header and automatically navigates to the target. Short URL redirects work through this exact mechanism.

Should I always configure security headers?

Yes. Headers like HSTS, X-Frame-Options, and CSP can block many attacks simply by being set. The configuration cost is low and the security benefit is substantial, so they are recommended for every website.

Ready to create a short URL?

Shorten a URL for Free