What are HTTP headers?

HTTP headers are metadata sent with every web request and response. They control caching, security, content type, redirects, and more.

Which security headers should I check for?

Key security headers include Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security (HSTS), and Referrer-Policy.

Can I check headers for any URL?

Yes — enter any publicly accessible URL. The tool makes a server-side request and returns all response headers.

HTTP Header Checker — Inspect HTTP Response Headers Online

Check HTTP headers for any URL and inspect response details including status code, security headers, cache headers, and redirects. Free tool, no signup required.

Notes

—Auto mode tries HEAD first for speed, then falls back to GET if the server rejects HEAD.
—Some servers block HEAD requests or return different headers per method or User-Agent.
—Security grade is presence-based only — always review the actual header values for strictness.
—Checks run server-side — results reflect what the server sends, not what your browser receives.

Security header reference

strict-transport-securityForces HTTPS connections (HSTS)

content-security-policyControls allowed content sources (CSP)

x-content-type-optionsPrevents MIME-type sniffing

x-frame-optionsControls iframe embedding

referrer-policyControls referrer information in requests

permissions-policyControls browser feature access

cross-origin-opener-policyIsolates browsing context from other origins

Related tools

🔒

SSL Certificate Checker

Inspect a site's SSL/TLS certificate, expiry, and cipher details.

🔍

Whois Lookup

Query WHOIS records for domains and IPs, with a clean summary.

📡

Port Scanner

Scan a host for open TCP ports (local / internal usage only).