What are HTTP Headers?

HTTP Headers are a collection of general, request and response data passed via HTTP. It is useful for networking to know who made a request, what methods they used, the time and date, and from which page they travelled.

It’s especially important to learn these HTTP headers for technical SEO. A large part of Technical SEO is understanding how browsers construct web pages and how the internet communicates.

You can find a full list of documentation on HTTP headers at developer.mozilla.org.

How can I check my HTTP Headers?

If you are using Google Chrome, then you can easily check HTTP headers using the built-in development console. First, start by pressing F12 on your keyboard. It should open up the console. However, if this isn’t working for you, then you can right-click and press inspect.

Once you have opened up the development console, there are tabs across the top. You will want to find the tab named Network. However, by default, this will include no information. You will need to refresh the page to collect data.

Networks in Google Development Console

Depending on your display, you should be able to find a window that includes a list of all the files loaded. The first in this list should be the HTML document, in my case, it is called http-headers because that is the URL.

You will also find a list of images, CSS and Javascript files. Each one of these files can be selected to find specific data for those files.

Selecting Files in Google Development Console

Once you have selected a file, several tabs populate with information. If you choose the “Headers” tab, you will find all the HTTP headers that applied to that specific file’s request. For example, CSS files may include expiry data for caching.

HTTP Headers in Google Development Console

Most Important HTTP Headers?

This list covers the essential HTTP headers that you need to know for SEO. It includes a few well-known, yet crucial, headers – as well as some of the lest well-known.

Most of these HTTP headers are set up by your hosting provider as default. However, some of these you can change to improve security and accessibility to your website.

HTTP Header Description
Content-Encoding The content-encoding is optional and specifies the type of compression of the page. Typically, this will be set to gzip.
Content-Type The content-type is essential and tells the browser the type of file. Browsers do not use the file extensions for this purpose. If it is unclear what the content-type is then some browsers will use MIME sniffing to detect it.
Content-Security-Policy The content-security-policy header is optional and controls the resources the user-agent is allowed to load.
Referrer-PolicyCode The referrer-policy header is optional and specifies when to pass a referrer header and what information to send.
Keep-Alive The keep-alive header is optional and controls how long a connection will be kept alive. It helps with improving load speed by keeping connections open longer.
X-Frame-Options The X-Frame-Options header is optional and controls whether browsers should render objects inside <frame, <iframe>, <embed> and <object> tags.
X-Content-Type-Options The X-Content-Type-Options header is optional and specifies that the content types are as specified. This prevents MIME sniffing from trying to detect content types.
X-XSS-Protection The X-XSS-Protection header is optional and prevents pages from loading when cross-site scripting attacks are detected. It is a useful feature for users on older browsers that do not handle this.
Strict-Transport-Security The Strict-Transport-Security header is optional and specifies forces HTTPS connection for some time.
Status Code The status header is essential and specifies the status code of the page.
X-Robots-Tag The X-Robots-Tag is optional and specifies how a page is supposed to be indexed by a search engine.
X-Powered-By The X-Powered-By header is optional and specifies the version of PHP in use. It is useful when auditing a website to know whether the PHP is up-to-date.