Debug Headers with GET

November 17th, 2020
tech
HTTP offers a convenient way to download only the headers: send a HEAD request:
$ telnet www.example.com 80
Trying 93.184.216.34...
Connected to www.example.com.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.example.com

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 325063
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Nov 2020 02:29:50 GMT
Etag: "3147526947"
Expires: Tue, 24 Nov 2020 02:29:50 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (dcb/7F82)
X-Cache: HIT
Content-Length: 648
Of course you wouldn't usually manually type into telnet, you'd use something like curl:
$ curl -I http://www.example.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 326121
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Nov 2020 02:47:38 GMT
Etag: "3147526947"
Expires: Tue, 24 Nov 2020 02:47:38 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (dcb/7EC9)
X-Cache: HIT
Content-Length: 1256
It's defined in RFC 7231:
The HEAD method is identical to GET except that the server MUST NOT send a message body in the response (i.e., the response terminates at the end of the header section). The server SHOULD send the same header fields in response to a HEAD request as it would have sent if the request had been a GET, except that the payload header fields MAY be omitted.

Unfortunately, HEAD is a trap. When you are trying to debug strange server behavior, it is much safer to send GET requests and throw away the body (ex, ex). Not only is "SHOULD" just a recommendation, but even if this were a "MUST" you could bet some servers would mishandle it. Counterfactuals are hard!

While differences are rare, always debugging by requesting the body like a normal client would, and then discarding it, means one fewer way that your debug request differs from a real one:

$ curl -sS -D- -o/dev/null http://www.example.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 326124
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Nov 2020 02:47:41 GMT
Etag: "3147526947"
Expires: Tue, 24 Nov 2020 02:47:41 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECS (dcb/7EC9)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1256

Going farther in the same direction, it's even better to start with "Copy as cURL":

And then add the -sS -D- -o/dev/null to get the headers if that's all you want.

Comment via: facebook, lesswrong

Recent posts on blogs I like:

On The Prosperity Gospel

things I find fascinating: religion, scams

via Thing of Things February 19, 2024

Diseconomies of scale in fraud, spam, support, and moderation

If I ask myself a question like "I'd like to buy an SD card; who do I trust to sell me a real SD card and not some fake, Amazon or my local Best Buy?", of course the answer is that I trust my local Best Buy1 more than Amazon, which is notoriou…

via Posts on February 18, 2024

Raising children on the eve of AI

How do we prepare them for what we're not prepared for? The post Raising children on the eve of AI appeared first on Otherwise.

via Otherwise February 15, 2024

more     (via openring)