HTTP Headers Checker
Analyze HTTP response headers and security configuration of any website
Inspect the HTTP response headers returned by any URL. Check security headers (CSP, HSTS, X-Frame-Options), caching directives, server information, redirect chains, and cookie settings. Essential for web security auditing, performance optimization, and debugging.
Key Features
- All HTTP response headers displayed
- Security header analysis and grading
- Redirect chain following
- Cache header interpretation
- Cookie attribute inspection
- Request and response timing
How to Use the HTTP Headers Checker
1. Enter a URL: Type the full URL to inspect (e.g., https://example.com).
2. View headers: See all HTTP response headers with explanations.
3. Check security: Review security header presence and configuration.
Common Use Cases
- Auditing security headers (CSP, HSTS, X-Content-Type-Options)
- Debugging caching issues with Cache-Control and ETag headers
- Tracing redirect chains for SEO and performance
- Verifying CORS headers for API access
- Checking cookie security attributes (Secure, HttpOnly, SameSite)
Frequently Asked Questions
What security headers should every site have?
At minimum: Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Content-Type-Options, X-Frame-Options, and Referrer-Policy. These prevent common attacks like XSS, clickjacking, and MIME sniffing.
Why is my HSTS header not working?
HSTS requires HTTPS. The header is ignored over HTTP. Also ensure the max-age is at least 31536000 (1 year) for HSTS preload eligibility.
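The checks described in the two answers above and in the cookie use case, as an added Python example (not this tool's own code): it reports which of the five recommended headers are missing, flags HSTS that was sent over HTTP or has a max-age below the preload figure, and lists cookies lacking Secure, HttpOnly or SameSite. The names `audit`, `hsts_max_age` and `SAMPLE` are assumptions made for illustration, and the sample response is constructed.

```python
from urllib.parse import urlsplit

# Minimum header set named in the FAQ above (names compared in lower case).
RECOMMENDED = ("strict-transport-security", "content-security-policy",
               "x-content-type-options", "x-frame-options", "referrer-policy")
PRELOAD_MIN_AGE = 31536000  # one year, the threshold the FAQ gives

def hsts_max_age(value):
    """Return max-age from an HSTS value as int, or None if absent/invalid."""
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isascii() and arg.isdigit():
            return int(arg)
    return None

def audit(url, headers):
    """Findings for one response; headers is a list of (name, value) pairs."""
    seen = {}  # header names are case-insensitive, and Set-Cookie may repeat
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    findings = [f"missing {h}" for h in RECOMMENDED if h not in seen]
    if "strict-transport-security" in seen:
        age = hsts_max_age(seen["strict-transport-security"][0])
        if urlsplit(url).scheme != "https":
            findings.append("HSTS ignored: response was not served over HTTPS")
        elif age is None:
            findings.append("HSTS has no valid max-age")
        elif age < PRELOAD_MIN_AGE:
            findings.append(f"HSTS max-age {age} is below {PRELOAD_MIN_AGE}")
    for cookie in seen.get("set-cookie", []):
        pair, *attrs = cookie.split(";")
        present = {a.strip().partition("=")[0].lower() for a in attrs}
        for want in ("secure", "httponly", "samesite"):
            if want not in present:
                findings.append(f"cookie {pair.split('=')[0].strip()} lacks {want}")
    return findings

# Constructed sample response, not captured from a real site.
SAMPLE = [
    ("Strict-Transport-Security", "max-age=86400; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for url in ("https://example.com/", "http://example.com/"):
        print(url, audit(url, SAMPLE))
```

Header names are lower-cased before comparison because HTTP header names are case-insensitive, and Set-Cookie is kept as a list because a response can carry several.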