HTTP Header Viewer

The HTTP Header Viewer tools allows you to check the headers from a website page which can help you diagnose problems with HTTP status codes, cookies, etc. Our HTTP Header Viewer tool allows you to enter multiple URLs one per line, comma-separated, or tab-separated. Once you have entered all of the URLs you want to check, click on the View Headers button.

 
Remember URLs for next visit
 

HTTP headers are are sent as part of the request from your browser and response from a web server when you visit a webpage via the Hyptext Transfer Protocol (HTTP). Typically the HTTP header fields are invisible to the person viewing the website as its going on behind the scenes.

The HTTP header fields are colon-separated name-value pairs that are terminated by a carriage return (CR) and line feed (LF). The end of the header is indicated by having two consecutive CR-LF pairs.

There are many common standard request headers, response headers, and non-standard request and response headers. Most dates and times used with these request or response headers will always be in RFC 2822 format. Below we will list numerous request and response headers, both standard and non-standard.

Request Headers

Field Name Description Example
Accept Specifies the type of media content that is allowed for a response. Can include things such as text/html, text/plain, */*, image/jpeg, text/* Accept: text/html
Accept-Charset Indicates the character sets that are allowed for a response. If the * is present it would match every character set. Accept-Charset: utf-8
Accept-Encoding Encodings that are allowed, for example: gzip, compress, * Accept-Encoding: gzip
Accept-Language Natural languages that are preferred as a response to the request. More than one language can be listed and a quality level can be associated with each one to estimate the user's preference for that language. If no quality level is given it defaults to the highest level of 1 Accept-Language: en-US; q=0.5, es
Authorization HTTP Authentication credentials which are usually Basic or Digest Access Authentication. Usually a browser will will send this after receiving a 401 Authorization Required status code Authorization: Basic b3p6dTpyb2Nrcw==
Cache-Control Directives that must be obeyed for caching mechanisms along the request/response chain and can include things such as: no-cache, no-store, max-age, max-stale, min-fresh, no-transform, only-if-cached, and cache-extension Cache-Control: no-cache
Connection Options that are desired for that particular connection Connection: close
Content-Length The length of the request body in bytes Content-Length: 15395
Content-MD5 MD5 digest of the request entity-body for the purpose of providing an end-to-end message integrity check Content-MD5: T3p6dSBUb29scw==
Content-Type The media type of the entity-body sent to the recipient Content-Type: application/x-www-form-urlencoded
Cookie An HTTP cookie previously sent from the website Cookie: data=1; info=2
Date The date and time that the message was sent Date: Wed, 24 Aug 2011 09:15:07 GMT
Expect Indicate particular server behaviors required by the client Expect: 100-continue
From If given should contain e-mail of user making request From: user@ozzu.com
Host The domain name of the website (used for virtual hosting), and since HTTP/1.1 mandatory Host: www.ozzu.com
If-Match Makes request conditional and perform action if client supplied entity matches same entity on the server If-Match: "8ec2742af234ed23424ff4"
If-Modified-Since Makes request conditional and allows a 304 Not Modified to be returned if content is unchanged If-Modified-Since: Wed, 24 Aug 2011 09:15:07 GMT
If-None-Match Makes request conditional and allows a 304 Not Modified to be returned if content is unchanged If-None-Match: "8ec2742af234ed23424ff4"
If-Range Send missing parts of entity unless entity is unchanged, or send entire new entity If-Range: "8ec2742af234ed23424ff4"
If-Unmodified-Since Makes request conditional and only send response if entity has not been modified since a particular time If-Unmodified-Since: Wed, 24 Aug 2011 09:15:07 GMT
Max-Forwards Limit the number of proxies or gateways that can forward the request Max-Forwards: 5
Pragma Specific directives that might apply to any recipient along the request/response chain Pragma: no-cache
Proxy-Authorization Allows the client to identify itself to a proxy which requires authentication Proxy-Authorization: Basic b3p6dTpyb2Nrcw==
Range Request only part of an entity using bytes Range: bytes=1400-4829
Referer The address of the last web page that linked to the currently requested page. Note: The word referrer is mispelled in the Request for Comments (RFC) Referer: http://www.ozzu.com/tools/http-header-viewer/
TE Indicates what extension transfer-codings it is willing to accept in the response TE: trailers, deflate
Upgrade Ask the server to upgrade to another protocol Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11
User-Agent Contains information about the user agent originating the request, often times the name of the browser and version User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110613 Firefox/6.0a2
Via Informs the server of proxies through which the request was sent Via: 1.0 ozzuproxy1, 1.1 ozzuproxy2, 1.0 unmeltedproxy
Warning A general warning about possible problems with the entity body Warning: 110 Response is stale

Response Headers

Field Name Description Example
Accept-Ranges Server indicates what partial content range types it supports Accept-Ranges: bytes
Age The age the object has been in a proxy cache in seconds Age: 48282
Allow A header that lists the set of methods supported by the server and is present in a 405 Method not allowed response Allow: GET, HEAD
Cache-Control Specifies directives to all caching mechanisms along the request/response chain that must be obeyed Cache-Control: no-cache
Connection Specify options that are desired for that particular connection Connection: close
Content-Encoding The type of encoding used on the response data Content-Encoding: gzip
Content-Language Describes the natural language of the intended audience for the response content Content-Language: en, es
Content-Length Indicates the lenght of the response body in bytes Content-Length: 42321
Content-Location An alternate location using an absolute URI or relative URI for the returned data Content-Location: http://www.ozzu.com/tools/http-header-viewer/
Content-MD5 MD5 digest of the response entity-body for the purpose of providing an end-to-end message integrity check Content-MD5: T3p6dSBUb29scw==
Content-Disposition Optional header field which raises a file download or save as dialog box for a known MIME type Content-Disposition: attachment; filename=ozzu.txt
Content-Range Where in the full entity-body the partial message belongs using range/total bytes Content-Range: bytes 65900-66399/132221
Content-Type Indicates the media type of the entity-body sent to the recipient Content-Type: text/html; charset=utf-8
Date The date and time that the message was sent Date: Wed, 24 Aug 2011 09:15:07 GMT
ETag An identifier for a specific version of a resource, often a message digest ETag: "5aa44485ff2a4485faff322add4abc4d"
Expires Gives the date/time after which teh response is considered stale Expires: Wed, 24 Aug 2011 09:15:07 GMT
Last-Modified Indicates the date and time at which the requested object was last modified Last-Modified: Wed, 24 Aug 2011 09:15:07 GMT
Link Expresses a link between the entity it occurs in and some other resource on the web Link: <style.css>; rel="stylesheet"; title="compact"
Location Used to redirect the recipient to a different location where the resource could be found. Can be used with 301 status codes for a permanent redirection, or 302 status code for a temporary redirection Location: http://www.ozzu.com/
P3P Sets the P3P policy which never really was widely accepted by browsers. Most browsers do not use this, but for browsers that do can affect cookie permissions. Many websites exist that set fake policy text to get around the cookie permission problem P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR STP ONL UNI COM NAV INT DEM CNT PRE"
Pragma Implemention specific headers that may have various effects along the request-response chain Pragma: no-cache
Proxy-Authenticate This is must be included with a 407 response code and indicates that the client should first authenticate with a proxy server. Consists of a challenge that indicates the authentication scheme to access the proxy. Proxy-Authenticate: Basic
Refresh Used in redirection, or when a new resource has been created. By default this refresh redirects after 5 seconds. Refresh: 3; url=http://www.ozzu.com/tools/
Retry-After Typically used with a 503 Service Unavailable response to indicate how long the service is expected to be temporarily unavailable Retry-After: 300
Server Contains information about the server used to handle the request. Many web hosts will restrict the information the server provides to protect from vulnerability attacks against software known to contain security holes Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g
Set-Cookie Contains information about the server used to handle the request. Many web hosts will restrict the information the server provides to protect from vulnerability attacks against software known to contain security holes Set-Cookie: UserID=Ozzu; expires=Sun, 22-Aug-2021 06:08:39 GMT; path=/; domain=.ozzu.com; HttpOnly
Strict-Transport-Security Fairly new HTTPS header which forces a website to be fetched through HTTPS for a given amount of time. Known as HTTP Strict Transport Security (HSTS), can transform any HTTP connection into a HTTPS connection without a man-in-the-middle attack Strict-Transport-Security: max-age=15768000; includeSubDomains
Trailer Indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding Trailer: Max-Forwards
Transfer-Encoding Indicates what and if any type of transformation encoding has been applied in order to safely transfer the message to the user. Currently defined methods are: chunked, compress, deflate, gzip, and identity Transfer-Encoding: chunked
Vary Tells downstream proxies how to match future request headers to decide wether the cached response can be used rather than requesting a fresh response from the origin server Vary: *
Via Indicates the proxies through which the response was sent Via: 1.0 ozzuproxy1, 1.1 ozzuproxy2, 1.0 unmeltedproxy
Warning A general warning about possible problems with the entity body Warning: 111 Revalidation failed
WWW-Authenticate Must be included with a 401 Unauthorized response message and indicates the authentication scheme that should be used to access the requested entity WWW-Authenticate: Basic

Non-standard Request Headers

Field Name Description Example
X-Requested-With Mainly used to identify AJAX requests. The majority of JavaScript frameworks send thsi header with the value of XMLHttpRequest X-Requested-With: XMLHttpRequest
X-Do-Not-Track Requests a web application to disable their tracking of a user. As of this writing this is mostly ignored by web applications, however, future legislation may require web applications to comply X-Do-Not-Track: 1
DNT This is Mozzila's verions of X-Do-Not-Track. Has the same identical purpose as above, and Safari and IE9 also have support for this header DNT: 1

Non-standard Response Headers

Field Name Description Example
X-Frame-Options Clickjacking protection in which "deny" prevents rending within a frame, and "sameorigin" prevents rendering if origin does not match X-Frame-Options: deny
X-XSS-Protection Cross-site scripting (XSS) filter which helps prevents XSS based attacks X-XSS-Protection: 1; mode=block
X-Content-Type-Options Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type X-Content-Type-Options: nosniff
X-Forwarded-For Identifies the original IP address of a client connectiong to a web server via an HTTP proxy or load balancer X-Forwarded-For: 124.28.118.36, 139.48.62.201
X-Forwarded-Proto Indentifies the original protocol of an HTTP request since a reverse proxy communicates with a web server using HTTP X-Forwarded-Proto: https
X-Powered-By Specifies some of the technology that is supporting the web application X-Powered-By: PHP/5.2.17
X-Robots-Tag Most of the major search engines including Google and Bing both support this header tag which will allow you to control how the content is made available via their search results. Valid responses include all, noindex, nofollow, none, noarchive, nosnippet, noodp, notranslate, noimageindex, and unavailable_after. Numerous values can be used and separated by a comma. You can also send multiple X-Robots-Tags optionally including the bot that should abide by the rule. X-Robots-Tag: noindex
X-Robots-Tag: noindex, nofollow
X-Robots-Tag: googlebot: noarchive
X-Robots-Tag: bingbot: all
 
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.

 
 
 

At Ozzu Hosting we are committed to bringing you the quality hosting services you demand. Hosting plans include shared hosting, dedicated hosting, and reseller hosting server packages for both beginners and experts alike.