Overview
Check HTTP response headers for any URL. Verify security headers (CSP, HSTS, X-Frame-Options), caching headers, and server information.
How to Use
Enter the required information below. Results update in real-time with details about your configuration.
Example Use Cases
- Audit security headers (CSP, HSTS, X-Frame-Options) before launching a production site
- Verify caching headers are set correctly to improve page load performance
- Debug CORS issues by inspecting Access-Control-Allow-Origin responses
- Confirm your server is running the expected software version for compliance
Common Issues
Missing security headers: Without Content-Security-Policy, X-Frame-Options, and HSTS, your site is vulnerable to common attacks. Add them via your server config or CDN.
Aggressive caching: A Cache-Control header with a very long max-age can cause users to see stale content after updates. Use appropriate cache durations for different resource types.