HTTP Headers Checker

The HTTP Headers Checker fetches the HTTP response headers for any URL. HTTP headers are metadata sent by the server with every response — they control caching, security, content type, redirects, and much more.

Why Security Headers Matter

Security headers are instructions from the server to the browser that harden your site against common attacks. Missing headers are a frequent source of web application vulnerabilities.

Content-Security-Policy

Prevents XSS and data injection attacks by controlling resource loading.

Strict-Transport-Security

Forces HTTPS connections (HSTS). Prevents protocol downgrade attacks.

X-Content-Type-Options

Prevents MIME-type sniffing. Should be set to "nosniff".

X-Frame-Options

Prevents clickjacking by controlling whether the page can be embedded in iframes.

Permissions-Policy

Controls access to browser APIs like camera, microphone, and geolocation.

Understanding HTTP Status Codes

2xx: Success — the request was fulfilled (200 OK, 201 Created).
3xx: Redirection — the client must take additional action (301, 302 redirects).
4xx: Client errors — bad request or not authorized (404 Not Found, 403 Forbidden).
5xx: Server errors — the server failed to fulfill the request (500, 502, 503).

This tool follows redirects and shows the final URL if the original was redirected. Great for checking canonical URLs and redirect chains.