Review the HTTP headers returned by a web server with this quick check. These headers are useful for checking how a webpage responds publicly to a request.
What are Server headers?
HTTP server headers are a hidden part of a webpage response: the browser reads them, but they are not displayed anywhere when a user opens a website or webpage.
HTTP headers are name-value fields that tell the browser how it should behave when opening the requested page. Several HTTP headers are used to modify browser behavior. Here are some examples:
Common HTTP Headers
Accept-Ranges | Medium | Indicates if the server supports partial requests, allowing clients to download specific parts of a resource. |
Access-Control-Allow-Credentials | High | Indicates whether the response can be shared with requesting code from the given origin when credentials are included. |
Access-Control-Allow-Headers | High | Specifies the headers allowed in a preflight request via the Access-Control-Request-Headers header. |
Access-Control-Allow-Methods | High | Specifies the methods allowed when accessing the resource in response to a preflight request. |
Access-Control-Allow-Origin | High | Specifies which origins are allowed to access the resource. |
Access-Control-Expose-Headers | Medium | Indicates which headers can be exposed as part of the response by listing their names. |
Access-Control-Max-Age | Medium | Indicates how long the results of a preflight request can be cached by the client. |
Age | Low | Conveys the time in seconds since the object was generated at the origin server. |
Allow | Medium | Lists the set of HTTP request methods supported by a resource. |
Cache-Control | High | Specifies directives for caching mechanisms in both requests and responses. |
Connection | Medium | Controls whether the network connection stays open after the current transaction finishes. |
Content-Disposition | Low | Directs the client to display the response body as a file attachment or to open it directly. |
Content-Encoding | High | Specifies the encoding applied to the data in the response body. |
Content-Language | Low | Indicates the natural language of the response body. |
Content-Length | High | Specifies the size of the response body in bytes. |
Content-Location | Low | Provides a URI that refers to the specific location of the resource. |
Content-Range | Medium | Indicates where in a full body the partial message being sent belongs. |
Content-Security-Policy | High | Defines the Content Security Policy, which controls the resources a user agent is allowed to load. |
Content-Type | High | Indicates the media type of the resource or the data in the response body. |
ETag | Medium | Provides a unique identifier for the specific version of a resource, used for caching and conditional requests. |
Expires | Medium | Gives the date and time after which the response is considered stale and should not be used from cache. |
Last-Modified | Medium | Indicates the date and time the resource was last modified. |
Location | High | Used in redirect responses to indicate the URL of the new resource. |
Pragma | Low | Includes implementation-specific directives for backwards compatibility with HTTP/1.0 caches. |
Server | Low | Contains information about the software used by the server. |
Set-Cookie | High | Sends cookies from the server to the client, which are stored by the client and sent back to the server in subsequent requests. |