Audisto Crawler Hints
HTTP Header Analyzer Security & Performance Tool
What is the HTTP header checker for
Ensure Security Standards: Detect issues with security headers including Content-Security-Policy, Strict-Transport-Security, and cookie configurations that affect website security.
Optimize Content Delivery: Find problems with compression settings, charset definitions, and content-type specifications that impact performance and rendering.
Maintain Header Integrity: Identify issues with header size, duplicate headers, and invalid implementations that could affect server response efficiency.
Monitor Header Health: Track changes in HTTP header implementation to maintain security compliance and prevent performance issues.
How to check HTTP headers issues at scale
Headers shape security
Proper HTTP header implementation is crucial for website security and performance. Our analysis helps you maintain secure and efficient header configurations. While our quick check provides immediate header insights for single pages, our full crawler ensures consistent header implementation across your entire website.
Critical HTTP Header related hints
Charset: Charset set in HTTP Content-Type header and document differ
Both the document and the HTTP Content-Type header specify a charset, but these are not identical.Learn more
Charset: Invalid charset in Content-Type HTTP header
The Content-Type HTTP header specifies an invalid charset.Learn more
Charset: Not set
There is no charset set, neither in the Content-Type HTTP header, nor in the document, e.g. through a <meta> tag.Learn more
Content-Security-Policy HTTP header missing
If the Content-Security-Policy HTTP header is missing, the URL is flagged with this hint.Learn moreRedirect: Non-ASCII characters in location URL
Only printable ASCII characters are allowed in HTTP header values and redirect location URLs.Learn moreStrict-Transport-Security HTTP header is invalid
If a Strict-Transport-Security HTTP header is not properly defined, the URL is flagged with this hint.Learn more
Problem indicating HTTP Header related hints
Charset: Not set in Content-Type HTTP header
The Content-Type HTTP header does not specify a charset.Learn moreCompression not enabled
Content compression was not enabled, or gzip, deflate or brotli compression is not supported by the server.Learn moreCookies send over insecure connection
A cookies send over an insecure connection was found.Learn moreCookies set with secure flag over insecure connection
A secure cookies send over an insecure connection was found.Learn moreHTTP headers more than 8 KiB in size
If the HTTP response headers in total are more than 8 KiB in size, the URL is flagged with this hint.Learn moreStrict-Transport-Security HTTP header has short duration
If a Strict-Transport-Security header is set to a short duration, the URL is flagged with this hint.Learn moreStrict-Transport-Security HTTP header sent more than once
If a Strict-Transport-Security HTTP header is sent more than once, the URL is flagged with this hint.Learn more
Informational HTTP Header related hints
Content-Type does not match file extension
This hint identifies all downloaded URLs where the Content-Type HTTP header does not match the file extension.Learn moreCookies set without secure flag
If cookies are set without using the secure flag, the URL is flagged with this hint.Learn moreStrict-Transport-Security HTTP header missing
If a Strict-Transport-Security HTTP header is missing, the URL is flagged with this hint.Learn more