HTTP Headers

Request Headers

Request headers are sent by your browser to the server when making a request.

Response Headers

Response headers are returned from the server after your browser makes a request.

| Header | Example | Recommendation and Description |
| --- | --- | --- |
| cache-control | | |
| content-encoding | gzip | |
| content-type | text/html; charset=utf-8 | |
| Strict-Transport-Security | max-age=47474747; includeSubDomains; preload | |
| X-Frame-Options | SAMEORIGIN or Deny | This should be set to SAMEORIGIN, or to Deny if you'll never need to embed iframes of your site on your site. This will prevent clickjacking. |
| X-Powered-By | ASP.NET | Disable. It is a security risk to expose the type of server you're using. |
| Server | Microsoft-IIS/8.0 or nginx/1.4.1 | Disable. It is a security risk to expose the type of server you're using. |
| X-XSS-Protection | | |
| Last-Modified | | The page's last modified date |

Open Questions?

  1. Are headers case sensitive?

    No. Header names are not case sensitive. https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
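
The response-header recommendations above can be checked mechanically. The following is an added example, not code from the original page: the function name `audit_headers`, the sample lists, and the Strict-Transport-Security check (the page gives only an example value for that header) are assumptions made for illustration. Names are folded to lower case before lookup because header names are not case sensitive.

```python
def audit_headers(raw_headers):
    """Return (header, finding) pairs for a list of (name, value) pairs."""
    # Header names are case-insensitive, so fold them before any lookup.
    headers = {n.strip().lower(): v.strip() for n, v in raw_headers}
    findings = []

    # X-Frame-Options: the table recommends SAMEORIGIN or Deny.
    xfo = headers.get("x-frame-options")
    if xfo is None:
        findings.append(("x-frame-options", "missing; set SAMEORIGIN or DENY"))
    elif xfo.upper() not in ("SAMEORIGIN", "DENY"):
        findings.append(("x-frame-options", f"unexpected value {xfo!r}"))

    # X-Powered-By and Server: the table recommends disabling both.
    for name in ("x-powered-by", "server"):
        if name in headers:
            findings.append((name, f"discloses {headers[name]!r}; disable"))

    # Strict-Transport-Security (assumption beyond the table): must be
    # present and carry a numeric max-age directive.
    hsts = headers.get("strict-transport-security")
    max_age = None
    for directive in (hsts or "").split(";"):
        key, _, value = directive.partition("=")
        if key.strip().lower() == "max-age":
            max_age = value.strip().strip('"')
    if hsts is None:
        findings.append(("strict-transport-security", "missing"))
    elif max_age is None or not max_age.isdigit():
        findings.append(("strict-transport-security", "no numeric max-age"))
    return findings


# Constructed samples: values from the table, names deliberately in mixed case.
SAMPLE_WEAK = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("SERVER", "Microsoft-IIS/8.0"),
    ("x-powered-by", "ASP.NET"),
]
SAMPLE_GOOD = [
    ("content-type", "text/html; charset=utf-8"),
    ("strict-transport-security", "max-age=47474747; includeSubDomains; preload"),
    ("X-FRAME-OPTIONS", "sameorigin"),
]

if __name__ == "__main__":
    for header, finding in audit_headers(SAMPLE_WEAK):
        print(f"{header}: {finding}")
```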