HTTP headers are key-value pairs transmitted at the start of every HTTP request and response that carry metadata about the message. Request headers tell the server about the client (User-Agent, Accept-Language, Accept-Encoding), the content being sent (Content-Type, Content-Length), authentication credentials (Authorization, X-API-Key), and caching preferences (If-None-Match, Cache-Control). Response headers tell the client about the server's response and how to handle it.
In web scraping, headers are a significant detection surface. Anti-bot systems validate that request headers match what a real browser would send for that specific browser version and operating system. A mismatch between the User-Agent claiming to be Chrome 124 on Windows and a missing `sec-ch-ua` client hint header, or a non-browser `Accept-Encoding` value, is a strong bot signal.
Critical headers to get right for anti-bot evasion: `User-Agent`, `Accept`, `Accept-Encoding`, `Accept-Language`, `sec-ch-ua`, `sec-ch-ua-mobile`, `sec-ch-ua-platform`, `Sec-Fetch-Site`, `Sec-Fetch-Mode`, `Sec-Fetch-Dest`. AlterLab manages the full header set automatically, matching the exact header profile of the Chromium version in use.