HTTP Headers Checker
Inspect all HTTP response headers for any URL. Check security headers, caching configuration, and server information with a security grade from A+ to F.
What Are HTTP Response Headers?
HTTP response headers are metadata sent by a web server along with every page response. They control caching, security, content type, and how browsers handle the response. Security headers in particular protect against XSS, clickjacking, MIME sniffing, and other attacks.
Essential Security Headers
Strict-Transport-Security
Enforces HTTPS connections, preventing SSL stripping attacks
Content-Security-Policy
Controls which resources can load, preventing XSS and injection
X-Content-Type-Options
Prevents MIME type sniffing attacks
X-Frame-Options
Prevents clickjacking by controlling iframe embedding
Referrer-Policy
Controls how much referrer information is shared
Permissions-Policy
Restricts browser API access (camera, mic, location)
Read our detailed security headers guide for implementation instructions.
Frequently Asked Questions
What are HTTP headers?
HTTP headers are key-value pairs sent between the browser and server with every request and response. Response headers control caching, security, authentication, content type, and more.
Why do security headers matter for SEO?
Security headers protect your site from attacks that could compromise user data or inject malicious content. Google considers site security as a trust signal, and Chrome warns users about insecure sites.
What security grade should I aim for?
Aim for A or A+. This means all 6 major security headers are present and properly configured. Most modern hosting platforms make this easy to achieve.