A lot of important stuff is passed around in HTTP headers. Things like credentials, auth tokens, and other API information. For the most part, these are invisible to the user. They act as the common glue that binds a session together. I wrote earlier on how to intercept the responses