Generating the Server Response: HTTP Response Headers
A response from the Web server normally consists of a status line, one or more response headers,
a blank line, and the document.
Setting the HTTP response headers often goes hand in hand with
setting the status codes in the status line. For example, several of the "document moved" status codes
have an accompanying Location header, and the 401 (Unauthorized) code must include an accompanying
WWW-Authenticate header.
Overview
The most general way to specify headers is the setHeader
method of HttpServletResponse, which takes two strings: the header
name and the header value. As with setting the status codes, this must be done
before any document content is sent.
There are also two specialized methods for setting headers that contain dates (setDateHeader)
and integers (setIntHeader). The first saves you the trouble of
translating a Java date in milliseconds since the epoch (as returned by
System.currentTimeMillis or the getTime method applied to a
Date object) into a GMT time string. The second spares you the
minor inconvenience of converting an int to a String.
Rather than setting a header outright, which replaces any existing header
of that name, you can add a new header in case one with that name already
exists. Use addHeader, addDateHeader, and addIntHeader for this. If it really
matters to you whether a specific header has already been set, use
containsHeader to check.
Finally, HttpServletResponse also supplies a number of
convenience methods for specifying common headers.
The setContentType method sets the Content-Type
header, and is used by the majority of servlets.
The setContentLength method sets the Content-Length
header, which is useful if the browser supports persistent (keep-alive) HTTP
connections.
The addCookie method sets a cookie (there is no
corresponding setCookie, since it is normal to have multiple
Set-Cookie lines).
And, as discussed in the previous section, the sendRedirect
method sets the Location header as well as setting the status
code to 302.
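The date-header methods described above, applied to a conditional GET, as an added example that is not code from the original tutorial. It assumes the classic javax.servlet API in a servlet container; the class name ReportServlet and the timestamp are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for illustration; not part of the original tutorial.
public class ReportServlet extends HttpServlet {
    // Constructed sample value: when the document "last changed".
    // HTTP dates carry whole seconds only, so drop the milliseconds;
    // otherwise the comparison below would never report "not modified".
    private static final long LAST_CHANGED =
            (System.currentTimeMillis() / 1000L) * 1000L;
    private static final long ONE_HOUR_MS = 60L * 60L * 1000L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getDateHeader parses the GMT string back into milliseconds and
        // returns -1 when the client did not send the header.
        long ifModifiedSince = request.getDateHeader("If-Modified-Since");
        if (ifModifiedSince != -1 && LAST_CHANGED <= ifModifiedSince) {
            // Client copy is current: status line only, no document.
            response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
            return;
        }

        // Every header is set before the first byte of the document is
        // written; once the response is committed, header calls are ignored.
        response.setContentType("text/html");
        response.setDateHeader("Last-Modified", LAST_CHANGED);
        response.setDateHeader("Expires", System.currentTimeMillis() + ONE_HOUR_MS);

        PrintWriter out = response.getWriter();
        out.println("<html><body><h1>Report</h1></body></html>");
    }
}
```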
Common Response Headers and their Meaning
Header
Interpretation/Purpose
Allow
What request methods (GET, POST, etc.)
does the server support?
Content-Encoding
What method was used to encode the document? You need to decode it
to get the type specified by the Content-Type header. Using
gzip to compress the document can dramatically reduce download times for
HTML files, and Java's GZIPOutputStream makes it easy, but it is only
supported by Netscape on Unix and IE 4 and 5 on Windows. So you should
explicitly check whether the browser supports it by
looking at the Accept-Encoding header (i.e., via
request.getHeader("Accept-Encoding")). That way, you can return
gzipped pages to browsers that know how to unzip them, but still return
regular pages to other browsers.
Content-Length
How many bytes are being sent? This information is only needed if
the browser is using a persistent (keep-alive) HTTP connection. If you
want your servlet to take advantage of this when the browser supports
it, your servlet should write the document into a
ByteArrayOutputStream, look up its size when done, put that into
the Content-Length field, then send the content via
byteArrayStream.writeTo(response.getOutputStream()).
Content-Type
What is the MIME type of the following document? The default for
servlets is text/plain, but they usually explicitly specify
text/html. Setting this header is so common that there is a
special method in HttpServletResponse for it:
setContentType.
Date
What is the current time (in GMT)? Use the setDateHeader
method to specify this header. That saves you the trouble of formatting
the date string properly.
Expires
At what time should content be considered out of date and thus no
longer cached?
Last-Modified
When was the document last changed? The client can supply a date via an
If-Modified-Since request header. This is treated as a
conditional GET, with the document only being returned if the
Last-Modified date is later than the specified date.
Otherwise a 304 (Not Modified) status line is returned. Again, use the
setDateHeader method to specify this header.
Location
Where should the client go to get the document? This is usually set
indirectly, along with a 302 status code, via the sendRedirect
method of HttpServletResponse.
Refresh
How soon should the browser ask for an updated page (in seconds)?
Instead of just reloading the current page, you can specify a particular page
to load via setHeader("Refresh", "5; URL=http://host/path").
Note that this is commonly set via <META HTTP-EQUIV="Refresh"
CONTENT="5; URL=http://host/path"> in the HEAD
section of the HTML page, rather than as an explicit header from the
server. This is because automatic reloading or forwarding is something
often desired by HTML authors who do not have CGI or servlet access. But
for servlets, setting the header directly is easier and clearer. Note
that this header means "reload this page or go to the specified URL in
N seconds." It does not mean "reload this page or go to
the specified URL every N seconds." So you have to send a
Refresh header each time, and sending a 204 (No Content)
status code stops the browser from reloading further, regardless of
whether you explicitly send the Refresh header or use
<META HTTP-EQUIV="Refresh" ...>. Note that this header is not
officially part of HTTP 1.1, but is an extension supported by both
Netscape and Internet Explorer.
Server
What server am I? Servlets don't usually set this; the Web server
itself does.
Set-Cookie
Specifies a cookie associated with the page. Servlets should not use
response.setHeader("Set-Cookie", ...), but instead use the
special-purpose addCookie method of
HttpServletResponse. See the separate section on handling cookies.
WWW-Authenticate
What authorization type and realm should the client supply in its
Authorization header? This header is required in responses
that have a 401 (Unauthorized) status line, e.g.,
response.setHeader("WWW-Authenticate", "BASIC realm=\"executives\"").
Note that servlets do not usually handle this themselves, but instead
let password-protected Web pages be handled by the Web server's
specialized mechanisms (e.g., .htaccess).
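The Content-Encoding and Content-Length entries above combine naturally into one servlet, shown here as an added example that is not code from the original tutorial. It assumes the classic javax.servlet API; the class name GzipPageServlet and the page body are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for illustration; not part of the original tutorial.
public class GzipPageServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Constructed sample document.
        byte[] page = "<html><body><h1>Hello</h1></body></html>"
                .getBytes(StandardCharsets.UTF_8);

        // getHeader returns null when the browser sent no Accept-Encoding.
        // Simplification: a substring match ignores q-values such as "gzip;q=0".
        String accepted = request.getHeader("Accept-Encoding");
        boolean useGzip = accepted != null && accepted.toLowerCase().contains("gzip");

        // Buffer the whole body so its final size is known before sending.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        if (useGzip) {
            try (GZIPOutputStream gzip = new GZIPOutputStream(buffer)) {
                gzip.write(page);
            } // closing the stream flushes the gzip trailer into the buffer
            response.setHeader("Content-Encoding", "gzip");
        } else {
            buffer.write(page);
        }
        // The body depends on a request header, so tell caches about it.
        response.addHeader("Vary", "Accept-Encoding");

        response.setContentType("text/html; charset=UTF-8");
        // Content-Length is the size of the bytes actually sent, i.e. the
        // compressed size when gzip is used, not the original page size.
        response.setContentLength(buffer.size());
        try (OutputStream out = response.getOutputStream()) {
            buffer.writeTo(out);
        }
    }
}
```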