Using a cookie is a way to store a small amount of data related to a user visiting your site. You'll learn more about cookies in the next section. Whatever you store in cookies on a particular website is attached to every HTTP request to that site. So, basically, your HTTP protocol transfers a string of cookies on every request that allows the server to store some sort of information related to each client connected to it.
When we add custom headers to our XMLHttpRequest (remember The Fetch API customizations section from the preceding chapter?), it makes it easy to fake our own state on the HTTP protocol. An authorization header is one more header that is sent by the browser on every request if it is set.
Let's now ...