What is an HTTP Headers Checker?
An HTTP Headers Checker is a tool used to fetch and view the headers that are returned in response to a request for a URL. HTTP passes key-value pairs between the client (the browser) and the server with every request. These headers include vital data on the server, the response, caching policies, security settings, cookies, content type and more.
Our HTTP Headers Checker sends a HEAD request to the target address and returns all the response headers, including headers from any redirect chain, in a neat, easy-to-read format. It also shows connection information like the final URL, HTTP response code, the IP of the server, response time, and the content type.
What information does the HTTP Headers Checker give you?
Once you've checked a URL, our tool will present you with the following:
- HTTP Status Code: HTTP response status (e.g., 200 OK, 301 Moved Permanently, 404 Not Found).
- Protocol Version - HTTP/1.1, HTTP/2, or HTTP/3.
- Server — The program that hosts the website (such as Apache, Nginx, or Cloudflare).
- Content-Type — MIME type of the response (e.g., text/html, application/json).
- Content-Length — The number of bytes in the body of the response.
- Date — The date and time at which the response was created.
- Last-Modified — When the resource was last changed on the server.
- ETag — A unique identifier used to implement cache validation.
- Cache-Control: Instructions to cache (e.g., max-age, no-cache, no-store).
- Set-Cookie — These are cookies set by the server.
- X-Powered-By — The technology stack that powers the server (e.g., PHP, ASP.NET).
- Redirect Headers - Location and status for each redirect in the chain.
Connection Details
- Final URL – URL after all redirects are followed.
- Server IP — IP address where the responding server is located.
- Connect Time — How long it took to establish the connection.
- Total time: The entire length of the request.
- Redirect Count — Redirects followed.
- Response Size — Size of the body of the reply.
To use the HTTP Headers Checker, follow these steps:
HTTP headers can be quickly and easily checked:
- Type in a complete URL (such as https://example.com) or only the domain (such as example.com).
- Click on Check Headers.
- View all the response headers, sorted by redirect step, along with the connection information.
Here's a breakdown of some of the common HTTP Response Headers.
- Server — Indicates the name of the web server software. Revealing this can pose a security risk, so many servers keep it hidden or disguised.
- Content-Type — Indicates to the browser the type of content being returned (HTML, JSON, image, etc.).
- Content-Security-Policy — Used to limit resources the browser can load.
- Strict-Transport-Security — Enforces HTTPS use in the future (HSTS).
- X-Frame-Options — This option determines if the page can be safely embedded in an iframe (clickjacking protection).
- X-Content-Type-Options — When set to nosniff, this header prevents MIME type sniffing.
- Cache-Control — Directs the browser and CDN to control the caching of responses.
- Set-Cookie — Tells browser to save cookies for session, tracking, or preferences.
- Location — Provided in a redirect response (3xx) to indicate the URL the client should go to.
- WWW-Authenticate — Used in 401 responses, to indicate the authentication scheme that should be used.
Description of Status Codes
- 1xx (Informational) — The request was received and processing continues.
- 2xx (Success) — The request has been successfully received, understood and accepted (e.g. 200 OK).
- 3xx (Redirection) — Additional steps are required to fulfill the request (e.g. 301, 302).
- 4xx (Client Error) — The request contains bad syntax or cannot be fulfilled (e.g. 404, 403).
- 5xx (Server Error) — An error occurred on the server that prevented it from fulfilling a valid request (e.g., 500, 503).
Why is it beneficial to check HTTP headers?
- Debugging — Use the status codes and redirect chains to determine why a page is not loading properly.
- Security Auditing — Ensure that security headers are present (CSP, HSTS, X-Frame-Options).
- Performance — Evaluate caching headers (Cache-Control, ETag) for improved page load performance.
- SEO — Ensure that all canonical URLs are returning 200 status codes and old URLs are redirecting properly with a 301 status code.
- Server Detection — Detect the web server, technology stack and CDN being used.
- Cookie Analysis — Check the cookies being set for security flags (Secure, HttpOnly, SameSite).
Privacy
The response headers shown in your web browser come from a direct HEAD request that we make to the target URL. We do not track the URLs you view, the headers returned or your IP address. There are no rate limits, captchas, or account registration required for the HTTP Headers Checker.
Frequently Asked Questions
What are HTTP headers?
HTTP headers are a collection of key/value pairs that are exchanged between a client (a browser) and a server when a client makes an HTTP request or receives an HTTP response. They contain metadata regarding the request, the response, the content, caching policies, security settings and more. They are different from the content (body) of the request or response.
Yes, the HTTP Headers Checker is free and open source.
Yes. Our HTTP Headers Checker does not require any sign-up, has no daily limits or captchas, and is 100% free.
What is the difference between a "GET" request and a "HEAD" request?
A GET request fetches the content (body) and the headers of the response. A HEAD request fetches just the headers. Our tool uses HEAD requests since we only need to look at the headers, and HEAD requests are faster and more bandwidth-efficient.
Why is there more than one header block?
Each step in the redirect chain returns its own set of response headers (e.g., if a URL redirects from http to https, the https response has its own set of headers), and these sets differ from each other. Each step of the redirect is shown individually to allow you to follow the entire redirect chain.
What does a 301 redirect mean?
A 301 Moved Permanently redirect tells the browser and search engines that the resource has been moved to a new location. It is the type of redirect recommended for SEO because search engines pass the ranking signals on to the new URL.
What security headers should my website have?
The important security headers are: Content-Security-Policy (CSP), Strict-Transport-Security (HSTS), X-Content-Type-Options (nosniff), X-Frame-Options (DENY or SAMEORIGIN), and Referrer-Policy. To check which of them your site has, use our Security Headers Checker!
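The checks named in this answer and under Cookie Analysis, applied to each header block of a redirect chain, as an added example (not the tool's own code). The raw header text is constructed sample input, and `parse_blocks` and `audit` are hypothetical helper names.

```python
REQUIRED = ["Content-Security-Policy", "Strict-Transport-Security",
            "X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy"]
COOKIE_FLAGS = ["secure", "httponly", "samesite"]

# Constructed sample: two header blocks, as a HEAD request following one redirect would return.
SAMPLE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://example.com/\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Set-Cookie: sid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

def parse_blocks(raw):
    """Split raw output into one (status_line, [(name, value), ...]) per redirect step."""
    blocks = []
    for chunk in raw.replace("\r\n", "\n").strip().split("\n\n"):
        lines = [l for l in chunk.split("\n") if l.strip()]
        headers = []
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))  # list keeps repeated Set-Cookie
        blocks.append((lines[0], headers))
    return blocks

def audit(headers):
    """Report missing security headers and cookies lacking Secure/HttpOnly/SameSite."""
    present = {name.lower() for name, _ in headers}  # header names are case-insensitive
    missing = [h for h in REQUIRED if h.lower() not in present]
    weak_cookies = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        lacking = [f for f in COOKIE_FLAGS if f not in attrs]
        if lacking:
            weak_cookies[parts[0].split("=", 1)[0]] = lacking
    return missing, weak_cookies

if __name__ == "__main__":
    for status, headers in parse_blocks(SAMPLE):
        print(status, audit(headers))
```

Headers are kept as a list of pairs rather than a dictionary so that every Set-Cookie line in a block is audited, not just the last one.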
Is there a way to see headers on a given path or file?
Yes. Any valid URL can be checked, including any path such as https://example.com/api/data or any file, such as https://example.com/robots.txt. Different headers might be returned for each URL depending on the configuration of the server.