Development tools
HTTP Headers Viewer
Inspect every HTTP response header for any URL, get a security grade, and see plain-English explanations of caching, CORS and security headers.
All response headers
Security grade A–F
Cache-Control explained
CORS headers
Redirect following
Server fingerprint
Free · No credit card · 50 credits/day
Key security headers checked
| Header | Protects against |
|---|---|
| Strict-Transport-Security | Forces HTTPS; prevents SSL stripping attacks |
| Content-Security-Policy | XSS, data injection, inline script execution |
| X-Frame-Options | Clickjacking — prevents your page being iframed |
| X-Content-Type-Options | MIME type sniffing that can enable XSS |
| Referrer-Policy | Referrer header leaking sensitive URL paths |
| Permissions-Policy | Restricts access to camera, microphone, geolocation |
| Cross-Origin-Opener-Policy | Spectre/side-channel attacks via shared browsing context |
Frequently asked questions
Related security tools
Deeper header and security analysis.
Inspect any site's headers now
Free account. 50 credits per day. Access to 75+ tools instantly.
Create free account →