HTTP Header Checker
Fetch and display all HTTP response headers for any public URL. Check for security headers (HSTS, CSP, X-Frame-Options), caching headers, CORS, and redirect chains.
Uses a CORS proxy to fetch headers from the browser. For comprehensive header analysis, use tools like securityheaders.com or your browser DevTools.
Frequently Asked Questions
What are HTTP headers?
HTTP headers are key-value pairs sent between a client and server with every request and response. Response headers control caching (Cache-Control), security (HSTS, CSP), content type, cookies, and more. They're visible in browser DevTools under the Network tab.
Which security headers should I have?
The most important are: Strict-Transport-Security (force HTTPS), Content-Security-Policy (prevent XSS), X-Frame-Options (prevent clickjacking), and X-Content-Type-Options (prevent MIME sniffing). Score your site at securityheaders.com for a full audit.