HTTP Headers

All websites has headers, the headers define the website, its the first thing which loads on the website. To obtain the headers, we can use the command line to retrieve this.

curl -I mysuperweb.co.uk

HTTP/1.1 302 Found
Date: Wed, 27 May 2015 19:51:42 GMT
Server: Apache
Location: https://mysuperweb.co.uk/
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1

Our current header for mysuperweb.co.uk tells us that the website isn’t actually at this location. There is a redirection in place, this means that when someone visits this location, they will be redirected to a new location of https://mysuperweb.co.uk.

curl -I https://mysuperweb.co.uk

HTTP/1.1 200 OK
Date: Wed, 27 May 2015 19:58:47 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
X-Powered-By: PHP/5.4.39-0+deb7u2
X-Pingback: https://mysuperweb.co.uk/xmlrpc.php
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

Here we have obtained the header of the new location, the location is correct as it has the HTTP response code of 200. This means that everything is ok. Within the header we can see what kind of server we have and it has the Strict-Transport-Security header which is in relation to HSTS.


This is the latest header for the website:

curl -I https://mysuperweb.co.uk

HTTP/1.1 200 OK
Date: Sat, 17 Feb 2018 17:33:14 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Link: ; rel="https://api.w.org/"
Cache-Control: max-age=3600
Expires: Sat, 17 Feb 2018 18:33:14 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

There is more than one way to get the headers, here is another method:

wget -S mysuperweb.co.uk

--2015-05-27 21:05:21--  http://mysuperweb.co.uk/
Resolving mysuperweb.co.uk (mysuperweb.co.uk)... 2001:41d0:52:200::13a, 5.135.149.57
Connecting to mysuperweb.co.uk (mysuperweb.co.uk)|2001:41d0:52:200::13a|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 302 Found
  Date: Wed, 27 May 2015 20:05:21 GMT
  Server: Apache
  Location: https://mysuperweb.co.uk/
  Vary: Accept-Encoding
  Content-Length: 209
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  X-Pad: avoid browser bug
Location: https://mysuperweb.co.uk/ [following]
--2015-05-27 21:05:21--  https://mysuperweb.co.uk/
Connecting to mysuperweb.co.uk (mysuperweb.co.uk)|2001:41d0:52:200::13a|:443... connected.
GnuTLS: A TLS warning alert has been received.
Unable to establish SSL connection.