However, it might be better to use a record type for the request and response, putting the mandatory information, e.g. the request URL, HTTP version, and verb, in the record's slots, and putting everything else in a dictionary slot.
This seems very arbitrary to me. In particular, content is mandatory with PUT, POST, PATCH (unless file is provided) and forbidden/useless with other verbs. So there's a lot of interdependencies.
Also, almost everything you mentioned that isn't mandatory is in the headers, so perhaps just keep a dictionary of headers and provide procedures for extracting information like content type,
I agree that content-type and content-encoding can be eliminated.
I think that having a cookie jar data structure is the Right Thing, since you can just keep it in a variable, pass it in the request, and reassign the variable from the response.
They really belong with an URL SRFI yet to be written.