Live HTTP Headers Equivalent for IE or Edge 2016

Over the years, my Live HTTP Headers Equivalent for IE post has pretty consistently gotten a few hits a month. Maybe that is because Google still ranks it #2 behind a StackOverflow post from 2010. I decided to update it since the post is from 2007 and what is available has changed.

The original issue was end users having a problem downloading office files from our web site. The issue only happened in IE, so we could not get them to look at headers using Firefox to diagnose the problem. The users did not want to use Firefox or maybe could not at work environments not allowing them to install alternative browsers.

Maybe – Free

Sorted in order I’d probably recommend.

  1. F12 Developer Tools (for Edge; IE Developer Tools) – looks very much like the Web Developer tools for Firefox and Chrome. The Network tab captures which pages are taking forever to load. Click on a specific request displays the request and response headers.
  2. iehttpheaders – Dunno if much has changed, but this was the better of the two from the original 2007 post.

No Way – Free

These are too scary or complicated to be something I would want to have to walk end users through using. Fine for power users, but not my purpose.

  • Fiddler – disappointed the logo is not a crab. Listens in the background and captures all browsers. All our stuff has encrypted traffic which Fiddler can only see by installing a CA called DO_NOT_TRUST, which there is no way I am going to ask clients to do.
  • Wireshark – probably okay for a power user, but not most people in the general public.

No Way – Paid

Not really useful for my purposes because this was about having end users install something to help us figure out the source of their trouble.

  • DebugBar HTTPTab – Looks viable, but it is essentially the same as the F12 Developer Tools. Has issues with other integrations.
  • HTTP Debugger – Sniffs all HTTP traffic.
  • HttpWatch – free version only works with well known sites. Have to get paid version to see our stuff.
  • HTTP Analyzer – trial version. Has a warning the technology it uses likely causes antivirus software to think it is malicious software. Difficult to explain to users, hey, use this thing your computer will likely complain is a virus.
  • IEWatch – IE plugin. Ancient and has not been actively developed in 9 years. Newest OS reported to support is Windows Vista, so it might have issues with more recent ones like 8 and 10?

IE and IQ

A friend posted the Internet Explorer users ‘have below-average IQ’ story on Google+. On the one hand, I love the idea of bashing IE users as incapable computer users who ought to get off the Internet. But then my Psychology background screams at this study as generally worthless. The lack of a statistical analysis ought to be another huge red flag.

I generally think an overall WAIS-IV score is mostly meaningless for something like this. IQ is a measure of skills. The typical use of intelligence is capacity instead. The skill set scores of WAIS like Similarities, Block Design, Sequencing, or Coding would at least indicate where are the differences and give better meaning. My favorite part of What is Intelligence? covered which of these are improving and possibly why.

Age is an obvious factor for which they should have controlled. It was even data they collected. The Flynn Effect demonstrates there are IQ changes over time. If the rumors are true that older Internet users are the most likely to use a default web browser, then that could be a very important factor muddling these results. Correcting for age might dramatically change these results.

Location could also be very important. A work computer might be locked down so the user is not taking the test on their preferred browser.

Browser Checker Inconsistent With Bb Wiki

The below text is from a ticket I opened with Blackboard this morning.

I used this unix command to dump a list of all supported browsers from the browserchecker.xml.

grep -A 1 ‘supported=”true”‘ serverconfs/browserchecker.xml | grep descript | awk -F\> ‘{print $2}’ | awk -F\< ‘{print $1}’

The list of supported browsers does not match the list of supported browsers at Supported Technologies Vista 8.0 SP4+Re-Release which means users of unsupported browsers are not getting alerted to the fact they are using an unsupported browser.

This specifically arose because I’ve been depending on the wiki to describe which browsers are supported in my work for [ticket number]. Several recent cases I’ve reviewed were IE7 which the wiki says is unsupported on Vista 8.0.4. The browser checker says it is supported.

Here is the full list of supported browsers according to the browserchecker.xml file. Those in bold are supported according to the supported technologies wiki entry in the above link. By my count that is 6 supported out of the 22 listed. (Actually it is 46 listed but I consolidated those in the same version.) My favorite on the list is Netscape Navigator 5 which was never actually released for the general public.

Netscape Navigator 5.x

Netscape Navigator 7.x

Microsoft Internet Explorer 5.1 (Mac OS)

Microsoft Internet Explorer 5.2 (Mac OS)

Microsoft Internet Explorer 5.5

Microsoft Internet Explorer 6.0

Microsoft Internet Explorer 7.0 (only on Windows Vista)

Microsoft Internet Explorer 8.0

AOL Version 5.x(MAC)

AOL Version 9.x

AOL for Mac OS X

Safari Version 1.2

Safari Version 1.3.x

Safari Version 2.x

Safari Version 3.x

Safari Version 4.x

Mozilla Version 1.7

Firefox Version 1.0

Firefox Version 2.0

Firefox Version 3.0

Firefox Version 3.5

Firefox Version 3.6

Report Just Usernames

Occasionally I’ll want to see the usernames who use something like a user-agent property or were doing something during a range of time. Rather than report all the log lines and pick them out of the data, I use this which Blackboard (or maybe BEA added).

Note  we’ve added user-agents to the webserver.log. The double quote I use as my delimiter in the awk is from us adding the user-agent to the webserver logs.If you have not set up your logs to use this, then you’ll either need to do so or figure out which position is appropriate for you with a space delimiter. The colon in the second awk is where just after the username the log records the reads and writes to the database.

| awk -F\” ‘{print $3}’ | awk -F\: ‘{print $1}’ | sort | uniq

An example usage is a case was escalated to me where a student had trouble taking an assessment. That student was, of course, using Internet Explorer 7, a web browser which prior CE/Vista 8.0.4 was supported. Now it is not. (Could be likely this is reason Blackboard stopped supporting in.) So I was curious how many users are still trying to use this browser.

Useful User Agents

Rather than depend on end users to accurately report the browser used, I look for the user-agent in the web server logs. (Yes, I know it can be spoofed. Power users would be trying different things to resolve their own issues not coming to us.)

Followers of this blog may recall I changed the Weblogic config.xml to record user agents to the webserver.log.

One trick I use is the double quotes in awk to identify just the user agent. This information is then sorting by name to count (uniq -c) how many of each is present. Finally, I sort again by number with the largest at the top to see which are the most common.

grep <term> webserver.log | awk -F\” ‘{print $2}’ | sort | uniq -c | sort -n -r

This is what I will use looking for a specific user. If I am looking at a wider range, such as the user age for hits on a page, then I probably will use the head command to look at the top 20.

A “feature” of this is getting the build (Firefox 3.011) rather than just the version (Firefox 3). For getting the version, I tend to use something more like this to count the found version out of the log.

grep <term> webserver.log | awk -F\” ‘{print $2}’ | grep -c ‘<version>’

I have yet to see many CE/Vista URIs with the names of web browsers. So these are the most common versions one would likely find (what to grep – name – notes):

  1. MSIE # – Microsoft Internet Explorer – I’ve seen 5 through 8 in the last few months.
  2. Firefox # – Mozilla Firefox – I’ve seen 2 through 3.5. There is enough difference between 3 and 3.5 (also 2 and 2.5) I would count them separately.
  3. Safari – Apple/WebKit – In searching for this one, I would add to the search a ‘grep -v Chrome’ or to eliminate Google Chrome user agents.
  4. Chrome # – Google Chrome – Only versions 1 and 2.

Naturally there many, many others. It surprised me to see iPhone and Android on the list.

Recap of Vista Stuff

It has been a hectic week. A recap…

Java certificate fix – Yesterday, August 23rd, the certificate distributed in various Java applets expired. The community discovered the issue and informed Blackboard who put out a fix for the more current products on August 15th. Many customers are leery of having such little lead time to test, verify, and install a fix. Well, Vista 3.0.7.17 was also reported to have the problem, but Blackboard didn’t provide a fix until the 20th after I got my TSM to verify it really still is a problem on the 18th. (The corrected 3.0.7.17.8 version was provided August 21st. Why is in the next paragraph.)

The fix for Vista 3 required us to be on 3.0.7.17.8 (hotfix 8 which we had not yet applied), had references to the “webctapp” directory (in Vista 3 it is applications), and distributed a webct.sh script to add updateWar which didn’t work with Vista 3. FAIL. Thankfully we have modified War files in the past, so adding the updates was more work and accomplished before Blackboard provided a corrected version.

To see the Java certificates in Windows: Control Panel > Java > Security > Certificates. The Blackboard ones are verified by Thawte (the Certificate Authority). The old one is issued to Blackboard. The new one is issued to dc.blackboard.com.

Vista 3.0.7.17.8 – This hotfix was released a couple weeks ago. However, since the priority has been the migration to Vista 8, this was on hold. The previous problem made us step up and throw this into production. The testers went to heroic efforts to get this and the certifcate fix tested. Testing was mixed.

  1. Losing session cookie because of Office 2007 in Internet Explorer. Happened less often post fix, but still happens in some cases.
  2. Autosignon MAC2. Mode to allow insecure MAC works to give the one school using it time to correct update their portal to use MAC2. Originally the plan was to let them work out MAC2 in test.

Slammed by our users…

  1. systemIntegrationApi.dowebct – The school using the autosignon wanted to have the correct consortiaId to create the MAC. Some time back in January they started calling this any time users tried to login because a handful (guess was ~12) have had their username changed. So the autosignon failed. Yes, they were sent us 25,000 requests in a busy day (about 20% of the queues were working on these during the day) to handle potential 12 problems in a term. FAIL.
  2. pmSelfRegister.dowebt – One of the clusters started to have issues. Two nodes went crappy. I looked at the Weblogic console and found all of the failing nodes had no free spots in the queues. 90% of the queues were working on these. Much of this is because the requests were hanging around for at least 4800 seconds (an hour is 3600 seconds). At about 6000 seconds the cluster recovered when the queues cleared.I think the queues cleared because I changed to false a couple settings:
    • Allow users to register themselves as a Student in a section = false
    • Allow users to register themselves as an Auditor in a section = false

    As I recall, we only had about 22 queue spots open (out of 308) across the whole cluster. We got lucky.

Upgrade, Upgrade, Upgrade

Be more secure! Upgrade today.

Want better functionality? Upgrade today.

Save a developer! Upgrade today.

The save a developer thing is the impetus for this post.

The upgrade today mantra annoys me.

  1. Software rarely spends enough time in alpha and beta cycles to to identify all the issues.
  2. People have been so burned by using software in alpha and beta cycles, they are hesitant to try upgrades and help determine the issues.
  3. This lack of attention to the problems ensure, versions 1.0, 2.0, n.0 typically have a ton of unknown problems or are even less secure at times.

Unfortunately, the vendor who makes the application platform we run, Blackboard, has a philosophy to look at new web browsers while they are in beta but not actually work towards fixes for the new browsers until after the products are released. With most releases of Java or supported web browsers (Internet Explorer or Mozilla Firefox), Blackboard heard the complaints by the early adopters and released within a couple months an update which resolved the reported issues.

The students and faculty members fail to understand the issue. I think I do. Blackboard (like WebCT prior) understands there are differences between beta and final. Some of us argue these differences are usually minor. However, this is all asking someone to predict the future which we know is haphazard at best.

Long alpha and beta cycles allow more users to get involved, give those back to the developers, have them fixed before the version release. Burning users with buggy software ensures their lack of faith.

Live HTTP Headers Equivalent for IE

UPDATED: The below content is outdated due to being ancient. This post will stick around to help people get to the new version: Live HTTP Headers Equivalent for IE or Edge 2016



I looove the Live HTTP Headers extension for Firefox. (Yes, I will marry it some day.) It works beautifully and always gives me what I want.

So we have this issue of people experiencing an issue of downloading office files from Vista. From the conversation we know the problem occurs with:

  1. Microsoft Windows XP and Vista
  2. Microsoft Internet Explorer 6 and 7
  3. Microsoft Office 2007 and maybe 2003

So Firefox is unaffected and behaves as expected (a Microsoft Engineer told us because Firefox is less secure?). The Live HTTP Headers will not help diagnose because Firefox works. Oh… And the solution of “Use Firefox” has been rejected by the affected parties. So, we need an equivalent for MS IE to get our users to install.

There are a couple equivalents for Live HTTP Headers for Internet Explorer:

  1. iehttpheaders has major issues with anti-virus software. I’ve never gotten iehttpheaders to install and or run with McAfee installed (even disabled). I don’t know market share of anti-virus vendors, but I’d bet McAfee is pretty common.
  2. IEWatch is more for web designers and gives way more info than just the headers because it has a broader purpose. Plus its not free. I don’t feel comfortable telling people to install something they are going to have to eventually buy even if they only need it for a couple days.

I don’t think either will meet my needs. 🙁

One of the reasons I want the headers is because I am biased. I trust what the browsers say more than I trust end user recollections. Probably its because I read web logs too much.

Ready to Switch?

I was disappointed the only IE competitor mentioned was Firefox. Opera, Safari, and Netscape are well known enough that it would behoove a more balanced view to mention them as well.

My only use of IE lately is replicating a user problem I can’t replicate in Firefox and the very, very infrequent case a web site site doesn’t work in Firefox or Netscape. 🙁 Quite frankly, it scares me to surf with IE. Of course, I am the person my friends call about cleaning up their computer when it runs slow because it is a computer virus, spyware, and adware infested mess. So my fears are based on the horror of cleaning up the after effects of using IE.

Internet Explorer Unsafe for 284 Days in 2006 – Security Fix

For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.

In a total of ten cases last year, instructions detailing how to leverage “critical” vulnerabilities in IE were published online before Microsoft had a patch to fix them.

Microsoft labels software vulnerabilities “critical” — its most severe rating — if the flaws could be exploited to criminal advantage
without any action on the part of the user, or by merely convincing an IE user to click on a link, visit a malicious Web site, or open a
specially crafted e-mail or e-mail attachment.

The small mention of competitors:

In contrast, Internet Explorer’s closest competitor in terms of market share — Mozilla’s Firefox browser — experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.

Technorati Tags: , , , , , , , ,