HTTP Headers Explained: What Your Browser Reveals With Every Request
HTTP Headers Explained: What Your Browser Reveals With Every Request
What Are HTTP Headers?
HTTP headers are metadata fields transmitted automatically with every request your browser sends to a web server. They contain technical information about your browser, your preferences, the type of content you can accept, and the context of your request. Headers are invisible to users during normal browsing — they operate silently in the background of every page load. For the strategic overview of where HTTP-header fingerprinting fits with other techniques, see our complete browser fingerprinting guide.
Key HTTP Headers and What They Reveal
- User-Agent: Your browser name and version, operating system name and version.
- Accept-Language: Your preferred languages, which reveals your locale and potentially your nationality.
- Accept-Encoding: Which compression formats your browser supports.
- DNT (Do Not Track): Ironically, enabling DNT makes you more unique — fewer users have it enabled.
- Sec-CH-UA headers: Client hints from Chromium-based browsers that explicitly report browser brand, version, and platform.
How HTTP Headers Are Used for Fingerprinting
By combining User-Agent with Accept-Language and Sec-CH-UA headers, trackers can identify your browser, OS, and locale with high confidence. When combined with canvas and WebGL fingerprints, HTTP headers add additional uniqueness to your overall browser profile.
Reducing HTTP Header Exposure
Brave browser normalizes some header values to reduce fingerprint uniqueness. Firefox with privacy hardening sends fewer identifying headers. The Tor Browser sends standardized header values that are identical for all Tor users.
Part of the Vatha network.