I am in doubt if I have my cache enabled. It thought I did, but Google Speed Test tells me it's not and so does the 'seositecheckup'-test. These are the HTTP Headers:
HTTP/1.1 200 OK
Date: Tue, 13 May 2014 15:33:37 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.4.24
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: TCT_SESS=412bfe220023a4bf9b1233f24748796b; path=/; domain=.asecret.nl
Cache-Control: max-age=86400, public
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14540
Connection: close
Content-Type: text/html
Both the expires_module and the headers_module are loaded and in WHM in my pre-main-include (should put the text at the top of the httpd.conf) I have this:
# 1 DAY
<FilesMatch "\.(html|htm|php|cgi|pl|css|js)$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>
# 1 MONTH
<FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=2630000, public"
</FilesMatch>
I'm confused, is it enabled, or is it not?
Related
i have set up the following in my nginx site config:
server {
...
add_header Referrer-Policy "no-referrer" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Xss-Protection "1; mode=block" always;
...
}
but if i have a look at my side i only see two of five headders
HTTP/2 200
server: nginx
date: Fri, 06 Apr 2018 08:58:49 GMT
content-type: text/html; charset=utf-8
content-length: 114649
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Fri, 06 Apr 2018 08:58:49 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
set-cookie: __Secure-anzah_csrf=Fmv0S0-WCZwP5fy5; path=/; secure
set-cookie: __Secure-anzah_session=IxXVlychxqE2F4lXUwW79gKwrxiTlhuQ; path=/; secure; HttpOnly
cache-control: private, no-cache, max-age=0
does anyone know what could be the cause?
I set the cookie in the response header at below
HTTP/1.1 200 OK
X-Powered-By Express
Access-Control-Allow-Origin http://xx.xx.xx.xx:8080
Access-Control-Allow-Headers X-Requested-With
Access-Control-Expose-Headers Set-Cookie
Set-Cookie name=tom; Path=/
Set-Cookie _id=j%3A%2255dd7fcf5aef5fd13f6a2621%22; Max-Age=720; Domain=xx.xx.xx.xx; Path=/; Expires=Fri, 28 Aug 2015 07:13:12 GMT; HttpOnly
Set-Cookie token=cd279529eb6868ba0cca2aed24690bf6; Max-Age=720; Domain=xx.xx.xx.xx; Path=/; Expires=Fri, 28 Aug 2015 07:13:12 GMT; HttpOnly
Content-Type application/json; charset=utf-8
But I cannot see the cookies are stored in my browser
The following URL was posted in another question.
Using wget you get the csv file as expected, but curl ends up redirected you to something different. I was wondering what the differences are between the two commands or how to get the same result in curl.
wget
wget --output-document=test.csv --no-check-certificate 'https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv'
curl
curl --location --insecure --output test.csv 'https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv'
Updated with header information
header comparison
wget 1
--2014-07-03 09:54:30-- https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv
Resolving docs.google.com... 74.125.226.98, 74.125.226.100, 74.125.226.102, ...
Connecting to docs.google.com|74.125.226.98|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Thu, 03 Jul 2014 13:54:30 GMT
X-Robots-Tag: noindex, nofollow, nosnippet
Location: https://www.google.com/url?q=https://docs.google.com/spreadsheet/ccc?key%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2&sa=p
Set-Cookie: NID=67=D4vu38cFuNFB-qdFSdaVBpLKJ94VcnpcVDfEpoyECGG-EesJlxBW4Rwb-AA-XAF7ztGOAIzx3u2YYqwRlt516cv3i6jSa9Pazf3uK-hyR5p5QoEYaZ-MqRpj9H_utLwU;Domain=.google.com;Path=/;Expires=Fri, 02-Jan-2015 13:54:30 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked
Location: https://www.google.com/url?q=https://docs.google.com/spreadsheet/ccc?key%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2&sa=p [following]
curl 1
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Thu, 03 Jul 2014 13:59:48 GMT
X-Robots-Tag: noindex, nofollow, nosnippet
Location: https://www.google.com/url?q=https://docs.google.com/spreadsheet/ccc?key%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2&sa=p
Set-Cookie: NID=67=QTFWWFkySepW985crZ2dZk1JfQ8gGj_H59HwYp-SMcOvYl0J4JU3VfDGCqppxFcEPt-e48qr0yJOx2ImUKH65LlgvuLyF3Ec842bPFq-BFg9a7YWEP_5Uq8YJrJ58taL;Domain=.google.com;Path=/;Expires=Fri, 02-Jan-2015 13:59:48 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Transfer-Encoding: chunked
wget 2
--2014-07-03 09:54:30-- https://www.google.com/url?q=https://docs.google.com/spreadsheet/ccc?key%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2&sa=p
Resolving www.google.com... 74.125.225.144, 74.125.225.145, 74.125.225.148, ...
Connecting to www.google.com|74.125.225.144|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
X-Frame-Options: ALLOWALL
Location: https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv&pref=2
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=1f6208c8ba0c71f9:FF=0:TM=1404395670:LM=1404395670:S=HaS679Z5xbmJBKs7; expires=Sat, 02-Jul-2016 13:54:30 GMT; path=/; domain=.google.com
Date: Thu, 03 Jul 2014 13:54:30 GMT
Server: gws
Content-Length: 311
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 443:quic
Location: https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv&pref=2 [following]
curl 2
HTTP/1.1 302 Found
X-Frame-Options: ALLOWALL
Location: https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv&pref=2
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=432f03534cff2fd2:FF=0:TM=1404395989:LM=1404395989:S=1NwOiUYJQYKfn6qF; expires=Sat, 02-Jul-2016 13:59:49 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=EjeYW1PP63Nxk5upQVhEVreT_prZXQYQy4WVKZCHkY3cXffcTWyvXIJkt4Tg07LUoHo3GSkEg6qDh5ff5ESGhksbjT50ytYRd0SyKp7quyorpbT4GMhnbORlkFfTNdRc; expires=Fri, 02-Jan-2015 13:59:49 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Thu, 03 Jul 2014 13:59:49 GMT
Server: gws
Content-Length: 311
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 443:quic
wget 3
--2014-07-03 09:54:31-- https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv&pref=2
Connecting to docs.google.com|74.125.226.98|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv
Date: Thu, 03 Jul 2014 13:54:31 GMT
Expires: Thu, 03 Jul 2014 13:54:31 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked
Location: https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv [following]
curl 3
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Location: https://www.google.com/accounts/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/spreadsheet/ccc?key%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2&followup=https://docs.google.com/spreadsheet/ccc?key%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2<mpl=sheets
Content-Length: 2270
Set-Cookie: NID=67=NdTD41weGlHPUtsUMwF0a7ugZ5Hfof3Q8CFsy2gQcJuBaH8ugZIYppe2PWWhP5fEMtdToEi76-lQH_lAJUeLEkNo1nObesgzEnSSg3HEJeb-5vYrAs4fwR7bM7Ourxeh;Domain=.google.com;Path=/;Expires=Fri, 02-Jan-2015 13:59:49 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Thu, 03 Jul 2014 13:59:49 GMT
Expires: Thu, 03 Jul 2014 13:59:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
wget 4 (final)
--2014-07-03 09:54:31-- https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv
Reusing existing connection to docs.google.com:443.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Content-Type: text/csv; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Thu, 03 Jul 2014 13:54:31 GMT
X-Robots-Tag: noindex, nofollow, nosnippet
Content-Disposition: attachment; filename="Download Test Spreadsheet.csv"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked
curl 4
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https%3A%2F%2Fdocs.google.com%2Fspreadsheet%2Fccc%3Fkey%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2&followup=https%3A%2F%2Fdocs.google.com%2Fspreadsheet%2Fccc%3Fkey%3D0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc%26output%3Dcsv%26pref%3D2<mpl=sheets
Content-Length: 556
Date: Thu, 03 Jul 2014 13:59:49 GMT
Expires: Thu, 03 Jul 2014 13:59:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
curl 5 (final)
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=10893354; includeSubDomains
Set-Cookie: GAPS=1:v3eXsN1lqmN5ryz1eyf2iMBP2uoIGg:wiYHYyLrGeoRHUfk;Path=/;Expires=Sat, 02-Jul-2016 13:59:49 GMT;Secure;HttpOnly;Priority=HIGH
X-Frame-Options: DENY
Date: Thu, 03 Jul 2014 13:59:49 GMT
Expires: Thu, 03 Jul 2014 13:59:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 0
Server: GSE
Alternate-Protocol: 443:quic
a great debugging-technique is to open that link while having the developer toolbar open in chrome and look at the network-tab. all requests in that tab can be right-clicked to show the cURL command to download that information.
in your case, the issue seems to be that wget is handling cookies for you, while cURL does not. this should be easy to fix:
curl 'https://docs.google.com/spreadsheet/ccc?key=0At2sqNEgxTf3dEt5SXBTemZZM1gzQy1vLVFNRnludHc&output=csv' --location --cookie tmp.cookie
# Foo,Bar,Baz
# 1,2,3
# 4,5,6
I am testing one application, its containing a header HG-ACL-ID,HG-ACL,HG-USER , i didn't know what are these and use of these. can anybody help me out?
here is the http request and response headers
GET /nanotech-001/human_grading/api/assessments/4/peerGradingSets/latest HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
HG-ACL-ID: 1
X-CSRF-Token: LBiyM9kSAA8YHlBLUXQM
X-Requested-With: XMLHttpRequest
Referer:
Cookie: csrf_token=LBiyM9kSAA8YHlBLUXQM; __204u=4654485718-1388476789706; __204r=; __utma=158142248.881358618.1388476794.1388827712.1388830229.25; __utmc=158142248; __utmz=158142248.1388830229.25.13.utmcsr=class.coursera.org|utmccn=(referral)|utmcmd=referral|utmcct=/ml-004/quiz/attempt; __qca=P0-349638149-1388488065337; user_segment=Prospect; __utmb=158142248.500.10.1388830229; maestro_login_flag=1; CAUTH=Tb7QI7IfVe7siBPLxl1gjyymwc5qZXAKuH8R2DwINdUKnEqDRZn7C8pf2UUbdhmjeQH18RinYNkf5Em6b7ivzg.fAwaIfFYBb4fhYyga1K5Yw.ph7vJk6hG4RnPeLaJZGnfE0x8hdx_Rr0s3g_cvFDCOJl9kQRVpORQqSuq2PXL5nCNksPrU4m0fClcInHonBoi-P7v3JzWku5Y6_pkV4UWsEZKrx309RwtJGwhDUizW0iw2QVrl8aP9Mik-uSdgE948m2UsS4A-BOoUE-MLnel9YoAMSgtekYmtkT1ucWjNqR
Connection: keep-alive
Response:
HTTP/1.1 403 Forbidden
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Sat, 04 Jan 2014 11:22:45 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
HG-ACL: {"submitting":"ri","training":"id","peerGrading":"i","selfGrading":"i","results":"i","phase":"grading"}
HG-User: {"inSignatureTrack":0}
Pragma: no-cache
Server: nginx
Set-Cookie: csrf_token=LBiyM9kSAA8YHlBLUXQM; expires=Mon, 03-Feb-2014 11:22:45 GMT; path=/nanotech-001
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10-1ubuntu3.9
Content-Length: 61
Connection: keep-alive
I'm trying to use nginx to redirect my main page (www.domain.com) to a subdirectory (www.domain.com/store). I have the redirect working, but whenever I use the domain name it will redirect me to the ip address (www.IP.com/store). This is my server nginx config. Thank you in advance for any help!
server {
listen 80 default_server;
server_name *.domain.com;
location / {
index index.php index.html index.htm;
}
location = / {
rewrite ^/store permanent;
}
root /usr/local/www/nginx;
}
You missed a space. rewrite ^/store permanent; will try to match '/store' at the beginning of the uri path (thanks to the ^) and if it matches, it will rewrite it to 'permanent'. Since this is inside location = /, it will never succeed. Instead, you need:
rewrite ^ /store permanent;
Hm, I can't fit this in your post so I figured I should put it here. Is this good practice for stackoverflow? I tried "curl -l" and it just returned the "not found" that I get when it's not redirected. But I used "curl -liL domain.com" and this is what came out.
HTTP/1.1 301 Moved Permanently
Server: nginx/1.2.1
Date: Thu, 05 Jul 2012 17:30:01 GMT
Content-Type: text/html
Content-Length: 184
Location: http://domain.com/store
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx/1.2.1
Date: Thu, 05 Jul 2012 17:30:01 GMT
Content-Type: text/html
Content-Length: 184
Location: http://domain.com/store/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx/1.2.1
Date: Thu, 05 Jul 2012 17:30:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 05 Jul 2012 17:30:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid_1f463=9cc017ff6c74884850d5bdfba1bfd5ae; path=/store; domain=IP; httponly
Location: http://IP/store/?xid_1f463=9cc017ff6c74884850d5bdfba1bfd5ae
HTTP/1.1 302 Found
Server: nginx/1.2.1
Date: Thu, 05 Jul 2012 17:30:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 05 Jul 2012 17:30:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid_1f463=9cc017ff6c74884850d5bdfba1bfd5ae; path=/store; domain=IP; httponly
Location: http://IP/store/?xid_1f463=9cc017ff6c74884850d5bdfba1bfd5ae
HTTP/1.1 301 Moved Permanently
Server: nginx/1.2.1
Date: Thu, 05 Jul 2012 17:30:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 05 Jul 2012 17:30:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid_1f463=9cc017ff6c74884850d5bdfba1bfd5ae; path=/store; domain=IP; httponly
Location: /store/home.php
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Thu, 05 Jul 2012 17:30:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 05 Jul 2012 17:30:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"
Set-Cookie: xid_1f463=e7d9abf146153d7a49e3f08bda47c008; path=/store; domain=IP; httponly
Set-Cookie: RefererCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/store; domain=IP; httponly
Set-Cookie: store_language=en; expires=Fri, 05-Jul-2013 17:30:01 GMT; path=/store; domain=IP