URLs, Headers, Cookies | Cyber Security Tutorial - Learn with VOKS

URLs, Headers, Cookies



When you browse the web, three important concepts work together behind the scenes:

  • URLs
  • Headers
  • Cookies

Understanding these will help you clearly see how browsers and servers communicate.

What Is A URL

URL stands for Uniform Resource Locator.

A URL is the address of a resource on the web.

Example:

https://www.example.com/products/item?id=25

A URL has several parts.

Protocol

https → Tells the browser how to communicate.

Domain Name

www.example.com → The server’s name.

Path

/products/item → The specific resource.

Query Parameters

?id=25 → Extra information sent to the server.

Breaking Down A URL

Let us examine the parts more clearly.

https://subdomain.example.com:443/path/page.html?user=admin&sort=asc#section2

Protocol

https

Subdomain

subdomain

Domain

example.com

Port

443 (default for HTTPS)

Path

/path/page.html

Query String

?user=admin&sort=asc

Fragment

#section2 (used by browser to jump to a section of the page)

What Are Headers

Headers are extra pieces of information sent along with HTTP requests and responses.

They help the browser and server understand how to handle the data.

There are two types:

Request Headers

Sent from browser to server.

Response Headers

Sent from server to browser.

Example Of HTTP Request With Headers

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html
Authorization: Bearer abc123
Cookie: session_id=xyz789

Explanation:

GET → Request method

Host → Website domain

User-Agent → Browser information

Accept → Expected content type

Authorization → Credentials for the request (here, a bearer login token)

Cookie → Cookies the browser stored earlier for this site

Example Of HTTP Response With Headers

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1024
Set-Cookie: session_id=xyz789; HttpOnly; Secure
Cache-Control: no-cache

Explanation:

200 OK → Status code

Content-Type → Type of data returned

Content-Length → Size of the response body in bytes

Set-Cookie → Instructs the browser to store a cookie

Cache-Control → Caching rules

What Are Cookies

Cookies are small pieces of data stored in the user’s browser.

They are used to:

  • Remember login sessions
  • Store preferences
  • Track user activity
  • Maintain shopping carts

Without cookies, websites would not remember who you are between page requests.

How Cookies Work

Step 1

User logs in to a website.

Step 2

Server sends a response header:

Set-Cookie: session_id=abc123; HttpOnly; Secure

Step 3

Browser stores this cookie.

Step 4

On future requests, the browser sends:

Cookie: session_id=abc123

The server recognizes the session and keeps the user logged in.

Types Of Cookies

Session Cookies

Temporary cookies, deleted when the browser closes.

Persistent Cookies

Remain stored until their expiration date.

Secure Cookies

Sent only over HTTPS.

HttpOnly Cookies

Cannot be read by JavaScript (protects against some attacks, such as cookie theft through XSS).

Why Cookies Are Important

Cookies allow:

  • User authentication
  • Personalization
  • Shopping carts
  • Language preferences

Without cookies, every page reload would treat you as a new visitor.

Security Risks With Cookies

If not properly protected:

  • Session hijacking can occur.
  • Attackers can steal cookies.
  • Cross-Site Scripting (XSS) can read cookies that are not marked HttpOnly.

Best practices:

  • Use HTTPS
  • Set HttpOnly
  • Set Secure flag
  • Use short expiration times
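
The best practices above can be checked mechanically. The following is an added example, not part of the original tutorial: it audits the Set-Cookie headers of a response for a missing HttpOnly or Secure flag and for a long lifetime. The sample headers are constructed, and the 8-hour limit and the function names are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = 8 * 3600  # assumed policy: flag cookies that live longer than 8 hours

# Constructed sample: the page's response headers plus two extra, weaker cookies.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=xyz789; HttpOnly; Secure
Set-Cookie: theme=dark; Max-Age=31536000
Set-Cookie: cart=42; Secure; Expires=Wed, 01 Jan 2031 00:00:00 GMT"""

def parse_set_cookie(value):
    """Return (name, attributes) with attribute names lower-cased."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime_seconds(attrs, now):
    """Seconds until expiry, or None for a session cookie (no Max-Age/Expires)."""
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            return int(attrs["max-age"])
        if "expires" in attrs:
            return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
    except (ValueError, TypeError):
        pass  # unparseable value: treat as a session cookie
    return None

def audit_headers(raw_headers, now=None):
    """List (cookie name, problem) pairs for every Set-Cookie header line."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        header, _, value = line.partition(":")
        if header.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
        if "secure" not in attrs:
            findings.append((name, "missing Secure"))
        life = lifetime_seconds(attrs, now)
        if life is not None and life > MAX_LIFETIME:
            findings.append((name, "long lifetime"))
    return findings
```

Pass only the header block of a response (status line and headers, without the body) to audit_headers.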

How URLs, Headers, And Cookies Work Together

  1. You enter a URL.
  2. The browser sends an HTTP request with headers.
  3. The server reads the headers and cookies.
  4. The server sends a response with headers.
  5. The browser stores cookies if instructed.

Example Full Request:

GET /dashboard HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html
Cookie: session_id=abc123

The server uses the cookie to identify the logged-in user.
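
The whole flow can be traced in code. This is an added example, not part of the original tutorial: the server side issues a session cookie at login, the browser side replays it, and the server maps the request's URL, headers and cookie back to a user. The in-memory SESSIONS store, the function names and the 15-minute Max-Age are assumptions.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

SESSIONS = {}  # session id -> username; in-memory store assumed for this example

def login_response(username, max_age=900):
    """Server: create a session and build the response that sets its cookie."""
    session_id = secrets.token_urlsafe(32)  # unpredictable, unlike a fixed "abc123"
    SESSIONS[session_id] = username
    return ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            f"Set-Cookie: session_id={session_id}; HttpOnly; Secure; Max-Age={max_age}\r\n"
            "\r\n")

def browser_cookie_header(raw_response):
    """Browser: store the cookie and replay only name=value, never the attributes."""
    for line in raw_response.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            return "Cookie: " + value.split(";", 1)[0].strip()
    return None

def handle_request(raw_request):
    """Server: read the request line, headers and cookie, then look up the user."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = head[0].split(" ")
    headers = {}
    for line in head[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    url = urlsplit(target)  # splits the request target into path and query string
    cookies = SimpleCookie(headers.get("cookie", ""))
    session_id = cookies["session_id"].value if "session_id" in cookies else None
    return {"method": method, "path": url.path, "query": parse_qs(url.query),
            "host": headers.get("host"), "user": SESSIONS.get(session_id)}
```

A request carrying a session_id the server never issued, such as the fixed abc123 used in the samples, resolves to no user.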

Simple Server Example (Conceptual)

Here is a simple example in Python showing how a server might send a cookie.

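from http.server import BaseHTTPRequestHandler, HTTPServer

class SimpleHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Status line: 200 OK
        self.send_response(200)
        # Response headers
        self.send_header("Content-Type", "text/html")
        # Fixed session value for the demo; a real server generates an unpredictable value per login.
        # Secure is left out because this demo serves plain HTTP; over HTTPS, add "; Secure".
        self.send_header("Set-Cookie", "session_id=abc123; HttpOnly")
        self.end_headers()
        # Response body
        self.wfile.write(b"<html><body>Hello User</body></html>")

# Listen on localhost only, port 8080
server = HTTPServer(("localhost", 8080), SimpleHandler)
server.serve_forever()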

This server:

  • Responds to requests
  • Sends a cookie
  • Displays simple HTML

This is only for learning purposes.
