For any site, it is important to properly configure the HTTP headers. A lot of articles have been written on the subject of headings. Here we have summarized the lessons learned, the RFC documentation. Some of the headings are mandatory, some are obsolete, some can be confusing and contradictory. We did a parsing to automatically check the HTTP headers of the web server.
Correct HTTP headers increase security and trust in the site, including from search engines, can affect the site’s position in Yandex and Google, save server resources, reduce server load, thereby increasing the server response speed, which again affects the ranking of the site in the search, save money on payment powerful hosting, which may not be required for the site when configured correctly.
Check not only web-page headers, but also headers of static content, images, css and js files. Check separately If-Modified-Since and If-None-Match for correct your web server reply 304 Not Modified.
Unlike many other services that simply show headers, our headers checker allows:
We do not claim to be the ultimate truth. For individual content and for individual projects, of course, there may be deviations. But this service will definitely tell you what you should pay attention to, it may be useful for you to edit your headers. The following is a list of what the verification service pays attention to. Why so, read in articles on a habr.
Required for static content with a long cache term and highly desirable for dynamic content with a short cache term.
Nowadays the server must support HTTP/2. By default, the service checks the server for HTTP/2. If your server does not support HTTP/2, then select HTTP/1.1.
Correct HTTP headers increase security and trust in the site, including from search engines, can affect the site’s position in Yandex and Google, save server resources, reduce server load, thereby increasing the server response speed, which again affects the ranking of the site in the search, save money on payment powerful hosting, which may not be required for the site when configured correctly.
Check not only web-page headers, but also headers of static content, images, css and js files. Check separately If-Modified-Since and If-None-Match for correct your web server reply 304 Not Modified.
Unlike many other services that simply show headers, our headers checker allows:
- get total score of web-server settings quality and advices what possible to improve;
- set the value of typical headers;
- add your own custom headers;
- specify the version of the HTTP protocol: 1.0, 1.1, 2 (checks if HTTP / 2 is supported);
- specify the request method, timeout, and post data to send to the server;
- the service also checks if the response to the If-Modified-Since, If-None-Match requests is correct if the server response contains Last-Modified or ETag;
- see HTTP-request data and other request params.
We do not claim to be the ultimate truth. For individual content and for individual projects, of course, there may be deviations. But this service will definitely tell you what you should pay attention to, it may be useful for you to edit your headers. The following is a list of what the verification service pays attention to. Why so, read in articles on a habr.
Mandatory headers
- Date
- Content-Type specifying charset for text content preferably utf-8
- Content-Encoding compression for text content
Obsolete and unnecessary headers
- Server with a detailed version of the web server
- X-Power-By
- X_ASPNET-Version
- Expires
- Pragma
- P3P
- Via
- X-UA-Compatible
Desired headers for security
- X-Content-Type-Options
- X-XSS-Protection
- Strict-Transport-Security
- Referrer-Policy
- Feature-Policy
- Content-Security-Policy or Content-Security-Policy-Report-Only to disable inline scripts and styles.
Caching headers
Required for static content with a long cache term and highly desirable for dynamic content with a short cache term.
- Last-Modified
- ETag
- Cache-Control
- Vary
- Важно, чтобы сервер корректно отвечал на заголовки: If-Modified-Since и If-None-Match
HTTP/2
Nowadays the server must support HTTP/2. By default, the service checks the server for HTTP/2. If your server does not support HTTP/2, then select HTTP/1.1.
