HTTP Header Checker
Status, server, redirects & security headers for any URL.
↳ received from
Help us improve
Was this tool useful? Tap a star.
Thanks — your rating helps others find it.
An HTTP header checker fetches a URL and shows the response headers the server sends back — the status code, server software, content type, any redirect, and the security headers (HSTS, CSP, X-Frame-Options and more) that protect visitors. Enter a URL to inspect them.
Why the security headers matter
HSTS forces HTTPS, CSP blocks injected scripts, X-Frame-Options stops click-jacking, X-Content-Type-Options stops MIME sniffing, and Referrer-Policy and Permissions-Policy control what leaks to other sites. Missing ones are the easiest security wins on any site — this shows which you have at a glance.
FAQ
Does it follow redirects?No — it shows the first response so you can see the redirect itself (status 301/302 and the Location). Re-check the target URL to follow the chain.
What are the security headers it checks?HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy — the six that cover most common web attacks.
Can I check a specific page, not just the domain?Yes — paste the full URL (https://example.com/path) and it checks that exact page's headers.