Metadata sent with HTTP requests and responses that provides context like content type, authentication tokens, and CORS permissions.
HTTP Headers are metadata attached to every HTTP Request and HTTP Response. They tell the server and browser important context about the communication — like who you are, what data format you're using, and what's allowed.
Request Headers (what your app sends):
Authorization: Bearer eyJhbGc... — Your auth token, proving who you areContent-Type: application/json — Tells the server you're sending JSON dataOrigin: http://localhost:5173 — Where the request is coming from (used by CORS)Response Headers (what the server sends back):
Content-Type: application/json — The response data is JSONAccess-Control-Allow-Origin: * — CORS permission (who can read this response)Access-Control-Allow-Methods: GET, POST, PUT, DELETE — Allowed HTTP methodsWhy headers matter for debugging:
Missing or incorrect headers cause some of the most confusing errors:
Authorization header → 401 Unauthorized status codeContent-Type → Server can't parse your dataYou can inspect headers in the Network Tab: click any request, then look at the Headers tab. When debugging, copy the headers and show them to Claude Code — it can spot missing headers instantly.
Related: HTTP Request, HTTP Response, CORS, Authentication, Token, Network Tab, Status Code, JSON
We give you the skills to build, deploy, and own a full product. Professional stack, AI co-pilot, no coding background required.