HTTP Headers Checker
Check HTTP headers
Frequently Asked Questions
What are HTTP headers?
HTTP headers are metadata sent between browser and server with every request/response. They contain information about content type, caching, security policies, cookies, and more. The tool shows all headers returned by any URL for debugging and security analysis.
How do I check HTTP response headers for a website?
Enter the URL. The tool sends a request and displays all response headers: status code, content-type, cache-control, security headers (CSP, HSTS, X-Frame-Options), server info, and cookies. Useful for debugging and security auditing.
What security headers should every website have?
Essential: Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Content-Type-Options: nosniff, X-Frame-Options: DENY, Referrer-Policy. The tool checks for these and flags missing security headers.
What do HTTP status codes mean?
200: OK. 301: permanent redirect. 302: temporary redirect. 304: not modified (cached). 400: bad request. 401: unauthorized. 403: forbidden. 404: not found. 500: server error. 502: bad gateway. 503: service unavailable. The tool shows the status code and all headers.
How do I check if a website uses caching correctly?
Look for Cache-Control and ETag headers. Cache-Control: max-age=31536000 means cache for 1 year. ETag enables conditional requests. Expires sets an absolute expiry date. The tool shows all caching headers and explains their effect on performance.