View HTTP response headers of any URL
The tool sends an HTTP request to the specified URL and displays the server's response headers.
Recommended to add
Strict-Transport-Security (HSTS) — forces the browser to use HTTPS for all requests.
Content-Security-Policy (CSP) — restricts resource loading sources, protecting against XSS.
X-Frame-Options — prevents page embedding in frames (clickjacking protection).
X-Content-Type-Options — prevents MIME sniffing (should be nosniff).
Referrer-Policy — controls what information is passed in the Referer header.
Permissions-Policy — restricts access to browser APIs (camera, microphone, geolocation, etc.).
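An added example (not the tool's own code) of auditing a response for the six recommended headers listed above: it parses a raw response head and reports headers that are missing or carry a value other than the ones this page names. The function names and the sample response are constructed for illustration; the HSTS max-age check goes beyond the page and relies on max-age being the required directive in RFC 6797.

```python
# Added example; function names and the sample response are constructed.
RECOMMENDED = (
    "strict-transport-security", "content-security-policy",
    "x-frame-options", "x-content-type-options",
    "referrer-policy", "permissions-policy",
)

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # [1:] skips the status line
        if not line.strip():                    # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header-name: finding} for missing or weak recommended headers."""
    headers = parse_headers(raw)
    findings = {n: "missing" for n in RECOMMENDED if n not in headers}
    # A repeated header is checked value by value; one bad copy is a finding.
    for v in headers.get("x-content-type-options", []):
        if v.lower() != "nosniff":
            findings["x-content-type-options"] = "should be nosniff"
    for v in headers.get("x-frame-options", []):
        if v.upper() not in ("DENY", "SAMEORIGIN"):
            findings["x-frame-options"] = "expected DENY or SAMEORIGIN"
    for v in headers.get("strict-transport-security", []):
        directives = [d.strip().lower() for d in v.split(";")]
        # max-age is the required HSTS directive (RFC 6797).
        if not any(d.startswith("max-age=") for d in directives):
            findings["strict-transport-security"] = "no max-age directive"
    return findings

# Constructed sample response head, not output captured from a real server.
SAMPLE = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: includeSubDomains
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
"""

if __name__ == "__main__":
    for name, finding in sorted(audit(SAMPLE).items()):
        print(f"{name}: {finding}")
```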
HTTP Headers Viewer — Server Response Analysis Online
The tool sends a HEAD request to the specified URL and shows all HTTP response headers. Useful for diagnosing caching, security, CORS settings, and debugging server configurations.
Key HTTP Headers
| Header | Description |
|---|---|
| Content-Type | Content type and encoding: text/html; charset=UTF-8 |
| Server | Web server: nginx, Apache, Cloudflare |
| Location | Redirect URL (3xx responses) |
| ETag | Resource version identifier for caching |
Security Headers
| Header | Purpose |
|---|---|
| Strict-Transport-Security | Enforce HTTPS (HSTS) |
| Content-Security-Policy | Resource loading policy, XSS protection |
| X-Frame-Options | Clickjacking protection (DENY, SAMEORIGIN) |
| X-Content-Type-Options | Prevent MIME-sniffing: nosniff |
Caching Headers
| Header | Purpose |
|---|---|
| Cache-Control | Caching directives: max-age, no-cache, no-store, public/private |
| ETag | Resource version hash for conditional requests (If-None-Match) |
| Last-Modified | Timestamp for conditional requests (If-Modified-Since) |
| Expires | Legacy expiration date (superseded by Cache-Control) |
| Vary | Headers that affect cache key (e.g. Accept-Encoding) |
Proper caching headers reduce server load and improve page speed. Use Cache-Control: public, max-age=31536000 for static assets and no-cache for dynamic HTML.
Frequently Asked Questions
Why don't all sites show headers?
Some servers block HEAD requests or require specific User-Agents. CORS may also restrict browser requests to third-party domains.
How is HEAD different from GET?
HEAD returns only headers without a response body — much faster and saves traffic.