Get My HTTP Headers - View Client Request Headers

Inspect the HTTP headers and client information your browser sends to websites. Analyze User-Agent, Accept-Language, and other request metadata.

🔍 Client Request Headers (Simulated)
What servers see about you
ℹ️ Note: Due to browser security restrictions, JavaScript cannot access every single raw HTTP header sent in the initial request. The list above includes all standard headers and properties accessible via the browser API.

What Are HTTP Request Headers?

Whenever you visit a website, your browser sends a "request" to the server. This request includes a set of "headers"—key-value pairs that provide context about the client (you), the resource being requested, and the capabilities of your browser.

Common request headers include:

  • User-Agent: Identifies your browser type, version, and OS.
  • Accept-Language: Tells the server your preferred languages (e.g., en-US).
  • Accept: The content types (file formats) your browser can handle.
  • Referer: The URL of the page that linked you to the current page.
  • Cookie: Authentication tokens and session IDs associated with the domain.

Why Analyze Request Headers?

1. Privacy Auditing: See exactly what information you are revealing. Your headers can be combined to create a unique "fingerprint" that tracks you across the web, even without cookies.

2. Debugging Access Issues: If a website blocks you, checking headers can reveal why. Perhaps you aren't sending the correct "Referer" or your "User-Agent" is flagged as a bot.

3. Content Negotiation: Headers like "Accept-Language" determine if a site loads in English, Spanish, or French automatically. "Accept-Encoding" tells the server if it can send compressed (gzip/brotli) content to save bandwidth.

Security Headers (Response)

While this tool focuses on Request headers (what you send), servers reply with Response headers. These are critical for security:

  • Strict-Transport-Security (HSTS): Forces HTTPS connections.
  • Content-Security-Policy (CSP): Restricts where scripts and other content can load from, which helps prevent Cross-Site Scripting (XSS).
  • X-Frame-Options: Prevents clickjacking attacks.
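
An added example (not this tool's own code) that checks a server's response for the three headers listed above, written for Node.js. The finding names and the 180-day `MIN_HSTS_AGE` threshold are assumptions chosen for illustration.

```javascript
// MIN_HSTS_AGE is an assumed policy threshold (180 days), not a value from the page.
const MIN_HSTS_AGE = 15552000;

// Parse a CSP string into a Map of directive name -> lowercased source tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers honour the first occurrence of a directive and ignore duplicates.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources.map(s => s.toLowerCase()));
    }
  }
  return directives;
}

function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);
  const findings = [];

  const hsts = h['strict-transport-security'];
  const maxAge = hsts && /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
  if (!hsts) findings.push('hsts-missing');
  else if (!maxAge) findings.push('hsts-no-max-age');
  else if (Number(maxAge[1]) < MIN_HSTS_AGE) findings.push('hsts-short-max-age');

  const csp = h['content-security-policy'] ? parseCsp(h['content-security-policy']) : null;
  if (!csp) findings.push('csp-missing');
  else {
    // script-src falls back to default-src when it is absent.
    const script = csp.get('script-src') || csp.get('default-src');
    // A nonce or hash source makes modern browsers ignore 'unsafe-inline'.
    const pinned = script && script.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
    if (!script) findings.push('csp-no-script-restriction');
    else if (script.includes("'unsafe-inline'") && !pinned) findings.push('csp-unsafe-inline');
  }

  // Clickjacking protection: CSP frame-ancestors or a valid X-Frame-Options value.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  const framed = (csp && csp.has('frame-ancestors')) || xfo === 'DENY' || xfo === 'SAMEORIGIN';
  if (!framed) findings.push(xfo ? 'xfo-invalid-value' : 'framing-unrestricted');
  return findings;
}

// Constructed sample response headers (not captured from a real site).
const sample = { 'Strict-Transport-Security': 'max-age=300',
  'Content-Security-Policy': "default-src 'self' 'unsafe-inline'", 'X-Frame-Options': 'SAMEORIGIN' };
console.log(auditSecurityHeaders(sample));
```

An empty array means all three protections are present in a form this check accepts; it does not judge whether the rest of the CSP is tight enough for the site.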

Privacy and the "Do Not Track" Header

The "DNT" (Do Not Track) header sends a signal (DNT: 1) to websites requesting not to be tracked. However, this is a voluntary standard, and most advertising networks ignore it. Browsers are moving towards more active protection (like blocking third-party cookies) rather than relying on this passive header.