Testing HTTP Headers

I was recently asked to change a header to ensure that requests always use https, this can be done by ensuring the webpage has the header "Upgrade-Insecure-Requests” and that should be set to true. This can be achieved using SecKit, but I needed a way to check the initial setting and then also the change.

To view either the request or response HTTP headers in Google Chrome, I can do the following:

1. In Chrome, visit a URL, right-click, and select Inspect to open the developer tools.
2. Select the Network tab.
3. Reload the page, to load the Network resources

At the top of the list of resources will be the actual request for the webpage, but for this specific change, any resources listed should work.

The Network tab in Chromes Developer tools

The left panel shows the resources requested by the browser.

The HTTP headers will be displayed on the right panel.

The Headers Panel showing the Upgrade-Insecure-Request Header

Scroll down the list in the right panel to find the "Upgrade-Insecure-Requests"

As can be seen in the above image it should be set to "true" or "1".

A similar request exists to change the "Strict-Transport-Security"
It is set to: “max-age=1000”, by default, but it is more sensible to change it to "31536000".

A visit to SecKit can improve this, then I can return to the above steps to confirm the headers have been changed.

Add new comment