Inspect all HTTP response headers for any URL. Check security headers, caching policies, and server info.
Server-assisted public lookup
The HTTP Headers Checker fetches the response headers for any URL and displays them in a clean, readable format. HTTP headers are metadata sent by web servers with every response - they control caching, security policies, content type, redirects, cookies, and much more.
Understanding response headers is essential for web development, security auditing, and SEO. Security headers like Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, and X-Content-Type-Options protect against common web attacks. Cache headers like Cache-Control and ETag control how browsers and CDNs cache your content.
Use alongside the SSL Checker to audit HTTPS configuration and the Redirect Checker to trace redirection chains.
Enter a full URL (including https://) and click Check Headers. The tool performs a server-side request and displays all response headers. Security headers are scored and flagged - green for present and correctly configured, amber for present but potentially misconfigured, red for missing.
Common headers to check: Content-Security-Policy (XSS protection), Strict-Transport-Security (force HTTPS), X-Frame-Options (clickjacking protection), Content-Type (MIME type), and Cache-Control (caching behaviour).