URL Debugging & Security Testing Commands

1. Basic Header Inspection

Command:

curl -I https://example.com

Example Response:

HTTP/2 200 
date: Thu, 20 Mar 2025 07:14:30 GMT
content-type: text/html; charset=UTF-8
server: nginx
cache-control: max-age=3600
strict-transport-security: max-age=31536000; includeSubDomains; preload

What to Check:

  • Status Code (200, 301, 403, 404, 500, etc.)
  • Content Type (text/html, application/json, etc.)
  • Server (nginx, Apache, cloudflare, etc.)
  • Cache-Control, HSTS, CSP headers

2. Checking Redirects

Command:

curl -IL https://example.com

Example Response:

HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/

What to Check:

  • Ensure HTTPS redirect is in place (request the http:// URL and confirm it redirects to https://)
  • Check if multiple redirects exist

3. Checking CORS Headers

Command:

curl -I -H "Origin: https://test.com" https://example.com

Example Response:

access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS

What to Check:

  • If CORS is properly configured
  • Avoid Access-Control-Allow-Origin: * for security

4. Checking Cache Headers

Command:

curl -I https://example.com

Example Response:

cache-control: public, max-age=86400
age: 1720
cf-cache-status: HIT

What to Check:

  • Ensure cache rules are properly applied
  • Check cf-cache-status (HIT, MISS, EXPIRED)

5. Checking Content Security Policy (CSP)

Command:

curl -sI https://example.com | grep -i "content-security-policy"

Example Response:

content-security-policy: default-src 'self'; script-src 'self' https://trusted.com

What to Check:

  • Ensure only trusted sources are allowed
  • Prevent unsafe-inline for scripts

6. Checking HSTS (Strict Transport Security)

Command:

curl -sI https://example.com | grep -i "strict-transport-security"

Example Response:

strict-transport-security: max-age=31536000; includeSubDomains; preload

What to Check:

  • Ensure HSTS is enforced to prevent MITM attacks
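
The header checks from sections 3, 5 and 6 combined into one script, as an added example that is not part of the original page: `audit_headers` (a hypothetical function name) reads `curl -sI` output on stdin and reports a missing or short HSTS max-age, unsafe-inline in the effective script policy, and a wildcard CORS origin. The `HSTS_MIN_AGE` threshold and both sample header blocks are assumptions constructed for the example.

```shell
# Added example: audit response headers read on stdin (e.g. from `curl -sI URL`).
# Prints one finding per line, nothing when all checks pass. HSTS_MIN_AGE is an
# assumed policy threshold chosen for this example.
audit_headers() {
  tr -d '\r' | awk -v min="${HSTS_MIN_AGE:-31536000}" '
    /^HTTP\// { split("", h); next }   # new response block (-L): keep the last one
    {
      i = index($0, ":"); if (i == 0) next
      val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
      h[tolower(substr($0, 1, i - 1))] = tolower(val)   # names are case-insensitive
    }
    END {
      hsts = h["strict-transport-security"]
      if (hsts == "") print "HSTS: header missing"
      else if (!match(hsts, /max-age=[0-9]+/)) print "HSTS: no max-age directive"
      else {
        age = substr(hsts, RSTART + 8, RLENGTH - 8) + 0
        if (age < min) print "HSTS: max-age " age " is below " min
      }
      csp = h["content-security-policy"]
      n = split(csp, d, ";"); src = ""; dflt = ""
      for (k = 1; k <= n; k++) {
        sub(/^[ \t]+/, "", d[k])
        if (d[k] ~ /^script-src([ \t]|$)/) src = d[k]
        if (d[k] ~ /^default-src([ \t]|$)/) dflt = d[k]
      }
      if (src == "") src = dflt        # script-src falls back to default-src
      if (csp == "") print "CSP: header missing"
      else if (src == "") print "CSP: no script-src or default-src"
      else if (src ~ /unsafe-inline/) print "CSP: unsafe-inline allowed for scripts"
      if (h["access-control-allow-origin"] == "*") print "CORS: wildcard origin"
    }'
}

# Constructed sample: a redirect hop, then a weak final response (CRLF like curl).
sample_weak() {
  printf '%s\r\n' 'HTTP/1.1 301 Moved Permanently' \
    'Location: https://www.example.com/' '' \
    'HTTP/2 200' 'strict-transport-security: max-age=300' \
    "content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'" \
    'access-control-allow-origin: *' ''
}
# Constructed sample built from the example responses shown on this page.
sample_good() {
  printf '%s\r\n' 'HTTP/2 200' \
    'strict-transport-security: max-age=31536000; includeSubDomains; preload' \
    "content-security-policy: default-src 'self'; script-src 'self' https://trusted.com" ''
}

sample_weak | audit_headers
```

Against a live site, pipe real headers in with `curl -sIL https://example.com | audit_headers`; with -L only the final response in the redirect chain is audited.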

7. Checking Remote IP & Server Details

Command:

curl --resolve example.com:443:93.184.216.34 -I https://example.com

Example Response:

HTTP/2 200

What to Check:

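  • Verify the server at the given IP answers correctly for the hostname (--resolve bypasses DNS for this request)
  • Ensure DNS records are updated to point at that IP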

8. Checking TLS Certificate Information

Command:

curl -v https://example.com

Example Response:

* Connected to example.com (93.184.216.34) port 443 (#0)
* SSL certificate verify ok.

What to Check:

  • Ensure SSL certificate is valid (run without --insecure / -k, which lets the request proceed even when verification fails)
  • Check if issued by a trusted CA

9. Checking Response Time & Performance

Command:

curl -o /dev/null -s -w "%{time_total}\n" https://example.com

Example Response:

0.320

What to Check:

  • Ensure response time is optimized (< 1s preferred)
  • Identify potential server lag

10. Checking HTTP Methods Allowed

Command:

curl -X OPTIONS -I https://example.com

Example Response:

allow: GET, POST, OPTIONS

What to Check:

  • Ensure PUT, DELETE are restricted unless required
  • Limit exposure of unnecessary HTTP methods

11. Checking Open Ports

Command:

nmap -p 80,443 example.com

Example Response:

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

What to Check:

  • Ensure only necessary ports are open
  • Close unused ports to reduce attack surface

12. Checking Who Owns the Domain

Command:

whois example.com

Example Response:

Registrant: Example Corp
Registrar: Namecheap
Expiration Date: 2026-01-01

What to Check:

  • Ensure domain ownership is correct
  • Check expiration dates to avoid downtime

13. Checking Live HTTP Requests in Real-Time

Command:

tail -f /var/log/nginx/access.log

Example Response:

192.168.1.1 - - [20/Mar/2025:07:14:30 +0000] "GET /index.html HTTP/2" 200 1024

What to Check:

  • Monitor real-time traffic for anomalies
  • Identify suspicious requests

14. Checking Server-Side Compression

Command:

curl -I --compressed https://example.com

Example Response:

content-encoding: gzip

What to Check:

  • Ensure GZIP/Brotli compression is enabled for performance

15. Checking Remote Server Details

Command:

curl -v https://example.com

Example Response:

* Connected to example.com (93.184.216.34) port 443 (#0)

What to Check:

  • Confirm server IP & handshake details
  • Identify potential issues in SSL handshake

Conclusion

These commands cover security testing, debugging, and performance checks for URLs. Use them to diagnose issues related to HTTP headers, caching, CORS, CSP, HSTS, SSL, and more. 🚀
