HTTP Header Checker
Inspect HTTP response headers for any URL. Check security headers, caching policy, server info, and more.
How to Check HTTP Headers
Enter any URL and click Inspect to see all HTTP response headers returned by the server. The results show every header name and value in a clean table format. A dedicated security headers section uses green checkmarks and red indicators to show which recommended security headers are present and which are missing. This includes Content-Security-Policy, Strict-Transport-Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Use this tool to audit your own site or analyze competitors.
Why HTTP Headers Matter for Security
HTTP security headers are your first line of defense against common web attacks. Content-Security-Policy (CSP) prevents cross-site scripting (XSS) by restricting which scripts can run. Strict-Transport-Security (HSTS) forces browsers to use HTTPS, preventing downgrade attacks. X-Frame-Options blocks clickjacking by preventing your site from being embedded in iframes. X-Content-Type-Options stops MIME-type sniffing attacks. Without these headers, your site is vulnerable to well-known attacks that security scanners will flag. Most take only a few lines of server configuration to add.