No http version found in request header in Chrome - google-chrome

When I inspect my site in Google Chrome, I didn't find the http version(1.1 or 2.0) in request header, Did I miss any settings?
This is want I wonder to see(HTTP/1.1 200 OK)

Here is an optian, right click on response column, and select protocal.
and h2 means http2 here.

Related

Will a web browser ever send a request with the Transfer-Encoding header?

Note
This question is about requests with the Transfer-Encoding header, not responses
Yes, requests can use the Transfer-Encoding header
Transfer-Encoding is a general-header
Requests may use general-headers
One could implement a web browser that does anything, but for the purposes of this question, please limit the definition of "web browser" to Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari.
Background
For XMLHttpRequest, Transfer-Encoding is a forbidden header name
For fetch, Transfer-Encoding is a forbidden header name
For links or forms in HTML, there is no explicit reference to Transfer-Encoding in [the HTML standard] (https://html.spec.whatwg.org/)
It's not an authoritative source, but the PortSwigger article on request smuggling states that "Browsers do not normally use chunked encoding in requests, and it is normally seen only in server responses."
The only reference I've been able to find that might use Transfer-Encoding is Chrome-specific, is behind an experimental flag, and requires a second, non-standard flag to enable it for HTTP/1.1
Question
Is there a case (or cases) where a web browser will make a request with the Transfer-Encoding header?
I have been researching this topic recently and my understanding is that this is currently not supported by any major browser, but it is work-in-process.
The Chrome experiment is a first try to see how it will play out in web-world as it seems there are quite some edge cases that could go wrong with the complex web infrastructure there is out there (load balancers, proxies etc).
The main source I have been reading up on this is this fetch's issue about readable stream support, that I recommend to read about if you are interested.

I have https on my page but Chrome says it is not secure

I have https on my page but Chrome says it is not secure. I dont understand what is wrong. Look at the screenshot.
You are loading an image over HTTP and so the content is mixed causing the warning.
The image in question is dark-grey-tile.png it's coming from http://plugins.jquery.com/jquery-wp-content/themes/jquery/images/dark-grey-tile.png note the http here - not https

In Chrome extension, is it possible to get the original HTTP response body before it is being parsed by the browser?

When an HTTP response is received by the browser, the browser changes it during the parsing. Namely, the page as it presented is not completely identical to the body of the HTTP response.
My questions:
Is it possible for Chrome extension to get the original HTTP response body before it is being parsed by the browser?
Is it possible to do this in other browsers?
Is it possible to do this using plugins?
If there are examples, I will be glad to get them or references to them.
Thanks!

chrome: CORS prefly request: status 405

I'm developing a ionic app and I need to make some CORS requests for dev purpose.
I use chrome v49 with -disable-web-security. I also use an .htcacces to allow OPTIONS request.
But i still get an error 405.
Chrome header sum'up
Try adding the chrome Extension Allow-Control-Allow-Origin: * from chrome webstore , enable
cross-origin resource sharing
from its option, then reload the page
Thanks for your answer. We already tried that but it did not succeed either.
The problem was server side. We used symphony witch refuse everything with is rly strict policy. To solve this we used NelmioCorsBundle.

HTTP header to detect a preload request by Google Chrome

Google Chrome 17 introduced a new feature which preloads a webpage to improve rendering speed upon actually making the request (hitting enter in the omnibar).
Two questions:
Is there a HTTP header to detect such a request on server side, and if one actually exists what is the proper response in order to prevent such preloading (to prevent unintended requests which might have unwanted effects)?
Does Google Chrome check the robots.txt before making preload requests?
Is there a robots.txt setting which targets only this specific behaviour? (I supose/hope disallow already works).
Is there a meta tag to inform Google Chrome to never preload again on the current domain?
When Firefox pre-fetches content (at the behest of the referrer page’s
markup), it sends the following header with the request: X-moz:
prefetch
Safari does similarly, using: X-Purpose: preview. According to this
ticket , Chrome does, too.
For pre-rendering, Chrome does not send any header whatsoever to the
client. Instead, one must use the Page Visibility API, in JS
source, additional reading
Chrome stopped sending X-Purpose header in 2011 and they stated that they won't fix it there: https://code.google.com/p/chromium/issues/detail?id=86175.
They re-introduced sending Purpose:prefetch headers with all nostate-prefetch requests back in 2018 as stated by the last comment on this issue. https://bugs.chromium.org/p/chromium/issues/detail?id=86175#c65