Server HTTP Header Checking Service

It is important for any site to configure its HTTP headers properly. Many articles have been written about headers. Here we have summarized the accumulated experience and the RFC documentation. Some headers are mandatory, some are obsolete, and some can be confusing and contradictory. We built a checker for automatically testing a web server's HTTP headers. Unlike many other services that simply display the headers, this service allows you to:

  1. set the value of typical headers;
  2. add your own custom headers;
  3. specify the HTTP protocol version: 1.0, 1.1, 2 (checks if HTTP/2 is supported);
  4. specify the request method, timeout, and POST data to send to the server;
  5. have the checker also verify that the server responds correctly to If-Modified-Since and If-None-Match requests when its response contains Last-Modified or ETag.


We do not claim to be the ultimate truth. For particular content and particular projects there may, of course, be deviations. But this service will tell you exactly what you should pay attention to, and it may prompt you to edit your headers. The following is a list of what the checking service pays attention to. For the reasons behind each item, read the articles on Habr.

Required headers

  • Date
  • Content-Type, indicating the charset for text content, preferably utf-8
  • Content-Encoding, with compression for text content

Outdated and unnecessary headers

  • Server with a detailed version of the web server
  • X-Powered-By
  • X-AspNet-Version
  • Expires
  • Pragma
  • P3P
  • With
  • X-UA-Compatible

Desired headers for security

  • X-Content-Type-Options
  • X-XSS-Protection
  • Strict-Transport-Security
  • Referrer-Policy
  • Feature-Policy
  • Content-Security-Policy or Content-Security-Policy-Report-Only to disable inline scripts and styles.

Headers for caching

Mandatory for static content with long cache times and highly desirable for dynamic content with short cache times.

  • Last-Modified
  • ETag
  • Cache-Control
  • Vary
  • It is important that the server responds correctly to the If-Modified-Since and If-None-Match request headers
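
The checks listed above, sketched as an added example (not the service's own code): the function compares a response against this page's header lists and replays ETag and Last-Modified as If-None-Match and If-Modified-Since, expecting 304. The names `audit`, `http_fetch`, `fake_fetch` and the `SAMPLE` response are constructed for illustration.

```python
import urllib.error
import urllib.request
# Header names are taken from the lists on this page.
REQUIRED = ("Date", "Content-Type", "Content-Encoding")
UNWANTED = ("X-Powered-By", "X-AspNet-Version", "Expires", "Pragma", "P3P", "X-UA-Compatible")
SECURITY = ("X-Content-Type-Options", "X-XSS-Protection", "Referrer-Policy",
            "Strict-Transport-Security", "Feature-Policy")
CSP = {"content-security-policy", "content-security-policy-report-only"}
VALIDATORS = {"ETag": "If-None-Match", "Last-Modified": "If-Modified-Since"}

def http_fetch(url, extra=None):
    """GET url, return (status, headers); urllib raises on 304, so catch it."""
    req = urllib.request.Request(url, headers={"Accept-Encoding": "gzip", **(extra or {})})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)

def audit(url, fetch=http_fetch):
    """Return sorted findings for one URL."""
    _, raw = fetch(url)
    h = {k.lower(): v for k, v in raw.items()}  # names are case-insensitive
    out = [f"missing required: {n}" for n in REQUIRED if n.lower() not in h]
    out += [f"unwanted: {n}" for n in UNWANTED if n.lower() in h]
    out += [f"missing security: {n}" for n in SECURITY if n.lower() not in h]
    if not CSP & h.keys():
        out.append("missing security: Content-Security-Policy")
    ctype = h.get("content-type", "").lower()
    if ctype.startswith("text/") and "charset=" not in ctype:
        out.append("Content-Type lacks charset")
    if any(c.isdigit() for c in h.get("server", "")):
        out.append("Server discloses version")
    # Replay each validator the server sent; an unchanged resource must give 304.
    for validator, cond in VALIDATORS.items():
        if validator.lower() in h:
            code, _ = fetch(url, {cond: h[validator.lower()]})
            if code != 304:
                out.append(f"{cond} answered {code}, expected 304")
    return sorted(out)

# Constructed sample server: honours If-None-Match but ignores If-Modified-Since.
SAMPLE = {"Date": "Wed, 01 Jan 2020 00:00:00 GMT", "Content-Type": "text/html",
          "Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4", "ETag": '"abc"',
          "Last-Modified": "Tue, 31 Dec 2019 00:00:00 GMT"}

def fake_fetch(url, extra=None):
    hit = (extra or {}).get("If-None-Match") == SAMPLE["ETag"]
    return (304, {}) if hit else (200, dict(SAMPLE))
```

Calling `audit("https://example.test/", fetch=fake_fetch)` runs offline against the constructed sample; omit `fetch` to query a real server.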

HTTP/2

Servers must now support HTTP/2. By default, the service checks the server for HTTP/2 support. If your server does not support HTTP/2, select HTTP/1.1.

Source: habr.com
