Get best of the week

Server HTTP Header Verification Service

For any site, it is important to properly configure the HTTP headers. A lot of articles have been written on the subject of headings. Here we have summarized the lessons learned, the RFC documentation. Some of the headings are mandatory, some are obsolete, some can be confusing and contradictory. We did a parsing to automatically check the HTTP headers of the web server . Unlike many other services that simply show headers, this service allows you to:

  1. set the value of typical headers;
  2. add your own custom headers;
  3. indicate the version of the HTTP protocol: 1.0, 1.1, 2 (checks if HTTP / 2 is supported);
  4. specify the request method, timeout, and postdata data to send to the server;
  5. puzomerka also checks if the response to the If-Modified-Since, If-None-Match requests is correct if the server response contains Last-Modified or ETag.

We do not claim to be the ultimate truth. For individual content and for individual projects, of course, there may be deviations. But this service will definitely tell you what you should pay attention to, it may be useful for you to edit your headers. The following is a list of what the verification service pays attention to. Why so, read the articles on the Habre .

Mandatory Headers


  • Date
  • Content-Type specifying charset for text content preferably utf-8
  • Content-Encoding Compression for Text Content

Outdated and unnecessary headers


  • Server with a detailed version of the web server
  • X-power-by
  • X_ASPNET-Version
  • Expires
  • Pragma
  • P3p
  • Via
  • X-UA-Compatible

Desired Headers for Security


  • X-Content-Type-Options
  • X-XSS-Protection
  • Strict-transport-security
  • Referrer-policy
  • Feature policy
  • Content-Security-Policy or Content-Security-Policy-Report-Only to disable inline scripts and styles.

Caching Headers


Required for static content with a long cache term and highly desirable for dynamic content with a short cache term.

  • Last-modified
  • ETag
  • Cache control
  • Vary
  • It is important that the server responds correctly to the headers: If-Modified-Since and If-None-Match

HTTP / 2


Now the server must support HTTP / 2. By default, the service checks the server for HTTP / 2. If your server does not support HTTP / 2, then select HTTP / 1.1.

More articles:


All Articles