See Raw Headers with Netcat

October 5th, 2015
tech
Getting response headers is easy: run curl -D- -o/dev/null -sS [url] or load the site in a browser with the networking tab open. Getting request headers is harder, because webservers don't have a way to dump this exactly as they received it. Yes, you can set them to log specific headers, but logging all headers exactly as they came over the wire isn't something I see in nginx or apache. Netcat can help here. Start it up on some unused port:
    nc -lp 8070
Now make the thing you're debugging visit yoursite:8070. Netcat will print out what headers you got:
    GET / HTTP/1.1
    Host: www.jefftk.com:8070
    Referer: http://www.jefftk.com/...
    Accept-Encoding: gzip,deflate
    Cache-Control: no-store, no-cache
    Accept-Language: en-US
    Connection: Keep-alive
    Accept: */*
    Accept-Encoding: gzip,deflate
    ...
See the duplicate Accept-Encoding header? It turned out that A was adding an extra encoding header which then made B disable gzip. [1] Once I had the raw headers as sent it was pretty clear what the problem was.

(Because the problem was a duplicated header I'm glad I didn't go with a higher level tool that might have masked that problem by storing headers in hashtable or something.)


[1] Sniffing the traffic would have been ideal, but I wasn't in a position to get in between them.

Comment via: google plus, facebook, substack

Recent posts on blogs I like:

Thing of Things AI use policy

dynomight recently wrote an article calling for bloggers to state publicly whether and how they use AI

via Thing of Things July 6, 2026

Agentic test processes, LLM benchmarks, and other notes on agentic coding from Galapagos Island

I've been using AI fairly heavily since last November and the whole thing is a funny experience. An agent will do something that, if a human did it, you'd immediately fire them. My reaction, of course, is to act as if this is great and spin up a t…

via Posts on July 3, 2026

Variable fonts aren't universally supported

I make a lot of webpages. I also use Lockdown Mode on iOS and MacOS for a bit of extra security. Sometimes I realize that I forgot to test on Safari and it looks like crap, or I test and don’t notice that there’s been a problem for months (as was the case…

via Home June 27, 2026

more     (via openring)