HTTP Headers Checker

Reference guide for HTTP response headers with security recommendations and examples.

🔒 Security Headers

Strict-Transport-Security
  Purpose: Enforces HTTPS connections
  Example: max-age=31536000; includeSubDomains
Content-Security-Policy
  Purpose: Controls resource loading
  Example: default-src 'self'
X-Frame-Options
  Purpose: Prevents clickjacking attacks
  Example: DENY or SAMEORIGIN
X-Content-Type-Options
  Purpose: Prevents MIME type sniffing
  Example: nosniff
X-XSS-Protection
  Purpose: XSS attack prevention
  Example: 1; mode=block
Referrer-Policy
  Purpose: Controls referrer information
  Example: strict-origin-when-cross-origin

Caching Headers

Cache-Control
  Purpose: Caching directives
  Example: max-age=3600, public
ETag
  Purpose: Resource version identifier
  Example: "33a64df551425fcc55e4d42a148795d9f25f89d4"
Last-Modified
  Purpose: Last modification date
  Example: Tue, 15 Nov 1994 12:45:26 GMT
Expires
  Purpose: Expiration date for cached content
  Example: Thu, 01 Dec 2024 16:00:00 GMT

📄 Content Headers

Content-Type
  Purpose: Media type of resource
  Example: text/html; charset=utf-8
Content-Length
  Purpose: Size of response body
  Example: 348
Content-Encoding
  Purpose: Compression method
  Example: gzip, br
Content-Language
  Purpose: Language of content
  Example: en-US

🌐 CORS Headers

Access-Control-Allow-Origin
  Purpose: Allowed origins for CORS
  Example: * or https://example.com
Access-Control-Allow-Methods
  Purpose: Allowed HTTP methods
  Example: GET, POST, OPTIONS
Access-Control-Allow-Headers
  Purpose: Allowed request headers
  Example: Content-Type, Authorization

Complete Guide to HTTP Headers

HTTP headers are metadata sent between web servers and browsers that control how web content is delivered, cached, and secured. Understanding these headers is essential for web developers, security professionals, and system administrators optimizing website performance and security.

Headers are divided into request headers (sent by the client) and response headers (returned by the server). Response headers are particularly important for controlling caching behavior, security policies, and content negotiation.

Security Headers Explained

Security headers protect websites from common attacks. Strict-Transport-Security (HSTS) tells browsers to use only HTTPS connections for the site. Content-Security-Policy (CSP) mitigates XSS attacks by controlling which resources a page may load. X-Frame-Options prevents clickjacking by controlling iframe embedding. Implementing these headers significantly improves security posture.

Caching Headers for Performance

Proper caching headers dramatically improve website performance. Cache-Control defines caching policies, while ETag and Last-Modified enable conditional requests that reduce bandwidth. Well-configured caching reduces server load and improves user experience.

CORS Headers for APIs

Cross-Origin Resource Sharing (CORS) headers control which domains can access your resources. Access-Control-Allow-Origin specifies allowed origins, while related headers control methods, headers, and credentials. Proper CORS configuration is essential for API security.

Headers and SEO

Certain headers impact SEO indirectly. Cache-Control affects page speed scores. Content-Encoding (gzip/brotli) reduces page size. X-Robots-Tag can control indexing. Implementing proper headers contributes to overall technical SEO health.

Testing and Debugging Headers

Use browser DevTools (Network tab) to inspect headers. Command-line tools like curl -I display response headers. Online tools can check security header implementation. Regular audits ensure headers remain properly configured.
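
One way to automate such an audit, as an added example that is not part of the original page: the script parses `curl -I` output (keeping only the final response when `-L` follows redirects) and compares it with the values listed in the reference above. The function names, the sample response and the choice to flag a wildcard Access-Control-Allow-Origin for review are assumptions of this example.

```python
import re

# Expected values taken from the security header list on this page.
EXPECTED = {
    "x-content-type-options": {"nosniff"},
    "x-frame-options": {"deny", "sameorigin"},
    "referrer-policy": {"strict-origin-when-cross-origin"},
}
MIN_HSTS_AGE = 31536000  # the max-age shown on this page (one year)

def parse_headers(raw):
    """Parse `curl -I` output; with -L, keep only the final response block."""
    blocks = [b for b in re.split(r"\r?\n\r?\n", raw.strip()) if b.strip()]
    headers = {}
    for line in blocks[-1].splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return headers

def audit(raw):
    """Return a sorted list of findings for one response."""
    h, findings = parse_headers(raw), []
    for name, allowed in EXPECTED.items():
        if name not in h:
            findings.append(f"missing {name}")
        elif h[name].lower() not in allowed:
            findings.append(f"unexpected {name}: {h[name]}")
    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age=(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append("missing strict-transport-security")
    elif not m or int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("weak strict-transport-security max-age")
    if "content-security-policy" not in h:
        findings.append("missing content-security-policy")
    if h.get("access-control-allow-origin") == "*":  # this example's policy choice
        findings.append("access-control-allow-origin is wildcard (review)")
    return sorted(findings)

# Constructed sample: a redirect followed by the final response (curl -I -L).
SAMPLE = (
    "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=3600\r\nX-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\nAccess-Control-Allow-Origin: *\r\n\r\n"
)
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a live response, pass the captured text of `curl -I` to `audit()` in place of `SAMPLE`.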