Question

what are the content negotiation headers? why are they used

Answer 1

Answer:  

Content negotiation

The Accept header is used to inform the server by the client that which content type is understandable by the client expressed as MIME-types. It is a request type header. This header is used to indicate what character set are acceptable for the response from the server. It is a response-type header. It is usually a comparison algorithm of request header. All the HTTP client used to tell the server which encoding or encoding it supports. It is a request-type header that tells the server about all the languages that the client can understand.

Expect

It is a request type header. It is used to indicate specific behaviors or expectations that the server needs to fulfill in order to respond to the client. Generally, Expect: 100-continue is the only expectation defined for the header field.

Cookie	It is a request type header. A cookie used in the requests sent by the user to the server.
Set-Cookie	It is a response header and used to send cookies from the server to the user agent. So the user agent can send them back to the server later so the server can detect the user.
Cookie2	It is a request type header. A cookie2 used in the requests sent by the user to the server.
Set-Cookie2	It is response type header and it is obsoleted. It is a provider of the mechanism to serve and retrieve state information from the client to the server.

Access-Control-Allow-Origin	It is a response header that is used to indicates whether the response can be shared with requesting code from the given origin.
Access-Control-Allow-Credentials	It is a Response header. The Access-Control-Allow-Credentials header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”.
Access-Control-Allow-Headers	It is a response header that is used to expose the headers that have been mentioned in it. By default 6 response headers are already exposed which are known as CORS-safelisted response headers.
Access-Control-Allow-Methods	It is a response-type header that specifies the method or methods allowed when accessing the resource.
Access-Control-Expose-Headers	It is a response-type header that indicates which headers can be exposed.
Access-Control-Max-Age	It is a response header that gives the time for which results of a CORS preflight request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, can be cached.
Access-Control-Request-Headers	It is a request type header, it lets the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Method	It is a request type header, it lets the server know which HTTP method will be used when the actual request is made.
Origin	It is a response HTTP header that indicates the security contexts that initiates an HTTP request without indicating the path information.
Timing-Allow-Origin	It is a response type header. It specify origins that are allowed to see values of attributes retrieved via features of the Resource Timing API.

Sec-WebSocket-Accept

It is response-type headers category. This used by the server to intimate the client that it understood it was a WebSocket connection and it is ready to open connection.

note: plzzz don't give dislike.....plzzz comment if you have any problem i will try to solve your problem.....plzzz give thumbs up i am in need....