Earlier, we saw a screenshot from Chrome's debug tools, showing request and response headers. There is another tool we can use as well--Spring Boot Actuator's trace endpoint.

By visiting http://localhost:8080/application/trace, we can see all the web calls, going back in time. For example, look at this request to negotiate the WebSocket:

    { 
      "timestamp": 1480805242289, 
      "info": { 
        "method": "GET", 
        "path": "/learning-spring-boot/160/ge00bkmu/websocket", 
        "headers": { 
          "request": { 
            "host": "localhost:8080", 
            "connection": "Upgrade", 
            "pragma": "no-cache", 
            "cache-control": "no-cache", 
            "authorization": "Basic Z3JlZzp0dXJucXVpc3Q=", 
            "upgrade": "websocket", 
            "origin": "http://localhost:8080", 
            "sec-websocket-version": "13", 
            "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 
              10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) 
              Chrome/54.0.2840.98 Safari/537.36", 
            "accept-encoding": "gzip, deflate, sdch, br", 
            "accept-language": "en-US,en;q=0.8", 
            "cookie": "SESSION=3f0668ec-d528-43d8-a6e8-87a369571745", 
            "sec-websocket-key": "L8fkEK8VtxXfxx4jBzOC9Q==", 
            "sec-websocket-extensions": "permessage-deflate;  
             client_max_window_bits" 
          }, 
          "response": { 
            "X-Application-Context": "chat:8080", 
            "Upgrade": "websocket", 
            "Connection": "upgrade", 
            "Sec-WebSocket-Accept": "m8xyQSUtHR/qMEUp1xog4wwUS0E=", 
             "Sec-WebSocket-Extensions": "permessage-
              deflate;client_max_window_bits=15", 
             "status": "101" 
          } 
        } 
      } 
    } 

The following are some key bits that can be pointed out in the preceding code:

• The authorization header has a Basic token value, us having logged in
• The cookie is loaded with our SESSION ID
• The upgrade protocol to go from HTTP to WebSocket is evident in the response headers and the 101 status code

Let's look at one more, the request to view our bazinga.png image:

    { 
      "timestamp": 1480805242286, 
      "info": { 
        "method": "GET", 
        "path": "/images/bazinga.png/raw", 
        "headers": { 
          "request": { 
            "host": "localhost:8080", 
            "connection": "keep-alive", 
            "authorization": "Basic Z3JlZzp0dXJucXVpc3Q=", 
            "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 
             10_11_5) AppleWebKit/537.36 (KHTML, like Gecko)
             Chrome/54.0.2840.98 Safari/537.36", 
            "accept": "image/webp,image/*,*/*;q=0.8", 
            "referer": "http://localhost:8080/", 
            "accept-encoding": "gzip, deflate, sdch, br", 
            "accept-language": "en-US,en;q=0.8", 
            "cookie": "SESSION=3f0668ec-d528-43d8-a6e8-87a369571745" 
          }, 
          "response": { 
            "X-Application-Context": "chat:8080", 
            "Date": "Sat, 03 Dec 2016 22:47:21 GMT", 
            "Content-Type": "image/jpeg", 
            "Transfer-Encoding": "chunked", 
            "status": "200" 
          } 
        } 
      } 
    } 

Some interesting fields in the last code include the following:

• The cookie header contains our SESSION ID.
• The authorization header includes the same token.
• The referer header shows the origin of the request as http://localhost:8080/.
• The accept-encoding header indicates the formats that the browser will accept, including zipped images and deflated ones.
• The content-type response header has JPEG, a value we hard-coded into our controller. Since all images get handled by the same part of the browser, it doesn't matter if it's not PNG.

Spring Boot Actuator's trace endpoint will track the last one hundred requests. It's a handy way to peek at past web calls in case you don't have the browser's development tools open at the time.