April 2010 Archives

While I'm always learning more about HTTP (albeit slowly), and I've only got a paltry 7 [1] or so of its status codes memorized, HTTP is part of my day job as a tester on the Web QA team here at Mozilla, so I've found tools, such as Live HTTP Headers, immensely useful.

HTTP headers (yeah, there are a ton) are essentially the core of HTTP requests, except for the payload--the actual content. (I hope I'm getting all this right!) Headers are primarily useful for debugging, but they can also be informational; let's take a look at some AMO headers and see just how.

Here's a URL that every Firefox build has pre-bookmarked, by default: https://addons.mozilla.org/en-US/firefox/bookmarks/.

If you load that URL, you'll notice that you end up at https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:22/sort:popular, instead; what happened?

If you install Live HTTP Headers, and invoke it via Tools | Live HTTP Headers, you'll see a "Headers" tab. Notice that the "Capture" checkbox is enabled by default; if you have Gmail or some other AJAXy sites in the background, you're probably going to want to close them while you capture headers (or risk drowning in information overload).


Since it's already shown above, I'll snip much of the header info, but with Live HTTP Headers capturing, and Firefox loading https://addons.mozilla.org/en-US/firefox/bookmarks/, you should see this request:


GET /en-US/firefox/bookmarks/ HTTP/1.1

... (followed by a bunch of headers)

HTTP/1.1 302 Found

Server: Apache

X-Backend-Server: pm-app-amo11

Content-Type: text/html; charset=UTF-8

Date: Tue, 20 Apr 2010 06:44:20 GMT

Location: https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:22/sort:popular

Let's break it down, line by line:

  1. HTTP/1.1 302 Found - We're using the 1.1 version of the HTTP protocol, and the server responded to our request for https://addons.mozilla.org/en-US/firefox/bookmarks/ by telling us--via the 302 status code--that the resource has moved (if it were in its usual place, it would return a 200 OK).
  2. Server: Apache - pretty self-explanatory; for whatever reason, we're not echoing out the version, or mods (some sites go crazy and tell you most everything: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/).
  3. X-Backend-Server: pm-app-amo11 - this is a custom header that tells WebDev, IT, and QA which of our many AMO servers served up this particular request; if we ever have a problem with a particular instance (it happens), we can quickly pinpoint the cause: say, outdated templates, borked Memcached data, or, perhaps, connectivity issues or a failing cron job on the server itself.
  4. Date: Tue, 20 Apr 2010 06:44:20 GMT - self-explanatory (but useful to know how the server's clock is set -- again, rogue cron jobs could be in play if a system clock is off).
  5. Location: https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:22/sort:popular - the meat of the response; this is where the server redirects your browser.

This post is already a little "long in the tooth," but for what else have we used this tool?

  • To diagnose caching problems with our web-caching/load-balancing infrastructure (Zeus, Netscaler), since we output the caching server's hostname/number via X headers
  • Or, even, to determine which files are getting cached; we use EdgeCast on GetPersonas.com and Mozilla.com, so along with View | Page Source, in the case where we use a special subdomain, such as mozcom-cdn.mozilla.net, to serve images, HTML, JavaScript, and CSS, we sometimes have to rely on headers, when resources are aliased/remapped.
  • To determine whether files are getting sent as the right content type; I've used this to file bugs on JSON files that weren't the right content type.
  • To help test against CSRF vulnerabilities, by ensuring that only valid tokens are accepted (you can manipulate data using Live HTTP Headers, but I usually use another excellent add-on, TamperData, for that).
  • Sometimes we put the version of PHP in there, too: X-Powered-By: PHP/5.2.9; useful if you're dealing with a cluster of servers, and not all have the same version of PHP (or, collectively, they're behind a version or two -- it happens).
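
The line-by-line breakdown and the uses listed above can be scripted once the headers are captured as text. The following is an added example, not code from the original post or from Mozilla: it parses raw response heads, reports redirects, flags version banners and wrongly typed JSON, and groups X-Powered-By values by X-Backend-Server. The path /api/list.json and the example-app-* hostnames are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# (request path, raw response head). The first is the response quoted in the
# post (Date omitted); the other two are constructed, with made-up hosts/versions.
CAPTURES = [
    ("/en-US/firefox/bookmarks/",
     "HTTP/1.1 302 Found\r\nServer: Apache\r\nX-Backend-Server: pm-app-amo11\r\n"
     "Content-Type: text/html; charset=UTF-8\r\n"
     "Location: https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:22/sort:popular\r\n"),
    ("/api/list.json",
     "HTTP/1.1 200 OK\r\nServer: Apache/2.2.11 (Unix)\r\nX-Backend-Server: example-app-01\r\n"
     "X-Powered-By: PHP/5.2.9\r\nContent-Type: text/html; charset=UTF-8\r\n"),
    ("/api/list.json",
     "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Backend-Server: example-app-02\r\n"
     "X-Powered-By: PHP/5.2.6\r\nContent-Type: application/json\r\n"),
]

def parse_response(raw):
    """Split a raw response head into (status code, {lower-cased name: value})."""
    lines = [l for l in raw.split("\r\n") if l]
    pairs = (l.partition(":") for l in lines[1:])  # split at the first colon only
    headers = {n.strip().lower(): v.strip() for n, _, v in pairs}
    return int(lines[0].split(" ", 2)[1]), headers

def audit(path, raw):
    """Return findings for one response: redirect, version banners, wrong type."""
    status, h = parse_response(raw)
    findings = []
    if status in (301, 302) and "location" in h:
        findings.append(f"redirect {status} -> {h['location']}")
    for name in ("server", "x-powered-by"):
        if re.search(r"/\d", h.get(name, "")):  # a product/version token
            findings.append(f"version disclosed in {name}: {h[name]}")
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if path.endswith(".json") and ctype != "application/json":
        findings.append(f"wrong content type for JSON: {ctype}")
    return findings

def version_drift(captures, header="x-powered-by"):
    """Map each value of `header` to the backends (X-Backend-Server) sending it."""
    seen = defaultdict(set)
    for _, raw in captures:
        _, h = parse_response(raw)
        if header in h:
            seen[h[header]].add(h.get("x-backend-server", "unknown"))
    return dict(seen)

for path, raw in CAPTURES:
    print(path, audit(path, raw))
```

More than one key in the result of version_drift(CAPTURES) means the backends in the cluster are not all running the same version.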

If you're interested in web testing, or are just interested in learning more about the web and how it works in general, you might want to take a further look at HTTP, Live HTTP Headers and status codes; you'll be amazed how much you can learn pretty quickly.

And, if you do have questions, or are interested in learning more, stop by our IRC channel and say "Hi" (contact info here); we always appreciate web testers! We have many ways you can contribute, so don't be shy!

[1] Status codes I see frequently: 200, 301, 302, 304, 401, 403, 500

Marcis G has translated my article into Belorussian; thanks, Marcis!
