StackTips


Review the HTTP headers returned by a web server with this quick check. These headers are useful for checking how a webpage responds publicly to a request.

What are Server headers?

HTTP server headers are a hidden part of a webpage response: the browser reads them, but they are not shown anywhere on the page when a user opens a website or webpage in the usual way.

HTTP headers are name-value fields in the response that tell the browser how it should behave when opening the requested page. Several HTTP headers are used to modify browser behavior. Here are some examples:

Common HTTP Headers

Accept-Ranges | Medium | Indicates if the server supports partial requests, allowing clients to download specific parts of a resource.
Access-Control-Allow-Credentials | High | Indicates whether the response can be shared with requesting code from the given origin when credentials are included.
Access-Control-Allow-Headers | High | Specifies the headers allowed in a preflight request via the Access-Control-Request-Headers header.
Access-Control-Allow-Methods | High | Specifies the methods allowed when accessing the resource in response to a preflight request.
Access-Control-Allow-Origin | High | Specifies which origins are allowed to access the resource.
Access-Control-Expose-Headers | Medium | Indicates which headers can be exposed as part of the response by listing their names.
Access-Control-Max-Age | Medium | Indicates how long the results of a preflight request can be cached by the client.
Age | Low | Conveys the time in seconds since the object was generated at the origin server.
Allow | Medium | Lists the set of HTTP request methods supported by a resource.
Cache-Control | High | Specifies directives for caching mechanisms in both requests and responses.
Connection | Medium | Controls whether the network connection stays open after the current transaction finishes.
Content-Disposition | Low | Directs the client to display the response body as a file attachment or to open it directly.
Content-Encoding | High | Specifies the encoding applied to the data in the response body.
Content-Language | Low | Indicates the natural language of the response body.
Content-Length | High | Specifies the size of the response body in bytes.
Content-Location | Low | Provides a URI that refers to the specific location of the resource.
Content-Range | Medium | Indicates where in a full body the partial message being sent belongs.
Content-Security-Policy | High | Defines the Content Security Policy, which controls the resources a user agent is allowed to load.
Content-Type | High | Indicates the media type of the resource or the data in the response body.
ETag | Medium | Provides a unique identifier for the specific version of a resource, used for caching and conditional requests.
Expires | Medium | Gives the date and time after which the response is considered stale and should not be used from cache.
Last-Modified | Medium | Indicates the date and time the resource was last modified.
Location | High | Used in redirect responses to indicate the URL of the new resource.
Pragma | Low | Includes implementation-specific directives for backwards compatibility with HTTP/1.0 caches.
Server | Low | Contains information about the software used by the server.
Set-Cookie | High | Sends cookies from the server to the client, which are stored by the client and sent back to the server in subsequent requests.
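
A header review of the kind described above can be run offline against a saved response head. The following is an added example, not code from this page or from the StackTips tool; the sample response, the function names `parse_head` and `review`, and the four checks are assumptions chosen for illustration.

```python
from email.parser import Parser

# Constructed sample response head (not captured from a real server).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/1.2.3\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)

def parse_head(raw):
    """Split a raw response head into (status line, case-insensitive headers)."""
    status, _, rest = raw.partition("\n")
    return status.strip(), Parser().parsestr(rest, headersonly=True)

def review(raw):
    """Return a list of findings for the response headers in `raw`."""
    _, headers = parse_head(raw)
    findings = []
    if "Content-Security-Policy" not in headers:
        findings.append("Content-Security-Policy: missing")
    # Heuristic (assumption): digits in Server suggest a disclosed version.
    if any(ch.isdigit() for ch in headers.get("Server", "")):
        findings.append("Server: discloses a version string")
    # Misconfiguration: browsers reject a wildcard origin on credentialed requests.
    origin = headers.get("Access-Control-Allow-Origin", "").strip()
    creds = headers.get("Access-Control-Allow-Credentials", "").strip().lower()
    if origin == "*" and creds == "true":
        findings.append("Access-Control-Allow-Origin: wildcard combined with credentials")
    # Each Set-Cookie header is checked separately for Secure and HttpOnly.
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if missing:
            findings.append(f"Set-Cookie {name}: missing {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```
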