Apache Request and Response Headers
Most users don't realise that while browsing the WWW there is a constant conversation going on between the browser and the web server. Below you can see the specific Headers that were passed from your browser to our webserver and back when this page was requested.
Apache Request Headers
The following headers were sent by your browser when requesting this page. The Host and Cookie details will change for different websites, and the Referer depending on where you're come from, but otherwise every site/page you visit will receive this information from your browser:
|Accept-Encoding||x-gzip, gzip, deflate|
Output produced by the PHP function apache_request_headers.
Apache Response Headers
Our Apache server generated the following HTTP headers in response to your request for this page:
|Last-Modified||Sun, 07 Aug 2016 08:02:22 GMT|
|Expires||Thu, 19 Nov 1981 08:52:00 GMT|
|Cache-Control||no-store, no-cache, must-revalidate, post-check=0, pre-check=0|
Output produced by the PHP function headers_list.
But after the initial response, more headers can be added, or modified, by services such as PHP. For this page the following paints a fuller picture:
|HTTP/1.1 200 OK|
|Date||Sun, 17 Dec 2017 21:27:47 GMT|
Output produced using a cURL HEAD request.
Getting the full picture
The best way to get a full picture of the response headers is to make an HTTP GET request from outside the server. A great tool for this is REDbot which tells us the following headers were sent:
|HTTP/1.1 200 OK|
|Date||Sun, 16 Dec 2012 10:52:48 GMT|
You can see from the above the version of Apache that we're using, that we're using ModPagespeed and mod_compress to serve gzip'ed content. Most other software and version details have been, and should be, suppressed for security reasons.
Removing server details
In Apache2 on Debian the relevant settings can be found in /etc/apache2/conf.d/security:
- ServerTokens Minimal
- ServerSignature Off
Setting ServerTokens to 'Prod' instead of 'Minimal' will display just 'Apache' and no version number.
In /etc/apache/mods-available/pagespeed.conf you can supress the version number by substituting other text, for example:
- ModPagespeedXHeaderValue "enabled"
Send a message to The Art of Web:
press <Esc> or click outside this box to close