HTTP Header Checker

New

View every response header of any URL, including security headers (HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy), cache controls, content type, encoding and server info.

Last updated June 2025 4 min read Works in browser Privacy first

We fetch the page server-side. Nothing is stored. Works with any public URL.

Inspect response headers

See what your server returns — caching, compression, security and more.

Steps

How to use

  1. Enter the URL to inspect.
  2. Review security headers, caching, compression and server info in one view.
  3. Copy or export the full response header list.
Why you’ll love it

Benefits

Free forever

No trials, no paywalls, no ads inside the tool.

Zero friction

No sign up, no email, no cookies you didn’t ask for.

Fast by design

Interactions render in under 200ms on modern devices.

Tips

Pro tips

  • HSTS + CSP + X-Content-Type-Options give you the biggest security win in three headers.
  • Enable Brotli (or gzip) compression for HTML/JS/CSS to shrink transfer sizes.
  • Set an explicit Cache-Control policy — never rely on browser defaults.
Watch out

Common mistakes to avoid

  • Skipping validation before copying the output.
  • Not double-checking the input for hidden characters (leading spaces, invisible unicode).
  • Sharing sensitive data through URLs — use the copy button instead.

Frequently asked questions

Made with care by ToolMint