HTTP Headers Checker

Inspect HTTP response headers for any URL. Highlights security headers, cache policy, CORS and performance headers. Calculates a security grade.

Common Security Headers Guide
Strict-Transport-Security: Forces HTTPS and blocks SSL stripping on later visits; the very first visit is only protected if the domain is on the HSTS preload list. Use max-age=31536000; includeSubDomains.
Content-Security-Policy: Restricts the sources from which the browser may load scripts, styles, frames and other resources. Mitigates XSS and data injection, but most of that value is lost if script-src (or the default-src it falls back to) allows 'unsafe-inline'.
X-Frame-Options: Prevents clickjacking. Use DENY or SAMEORIGIN. CSP's frame-ancestors directive is the modern replacement and takes precedence when both are present.
X-Content-Type-Options: Prevents MIME sniffing. Always use nosniff.
Referrer-Policy: Controls how much referrer information is sent with requests. strict-origin-when-cross-origin is a safe default.
Permissions-Policy: Controls access to browser APIs (camera, microphone, geolocation). Replaces Feature-Policy.
Cross-Origin-Embedder-Policy: Together with Cross-Origin-Opener-Policy: same-origin, enables cross-origin isolation, which is required for SharedArrayBuffer. Use require-corp.
Cross-Origin-Opener-Policy: Isolates the top-level browsing context from cross-origin windows that opened it or that it opens. Use same-origin.
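The following is an added example of the kind of check the guide above describes, written for this page and not the checker's own code. It parses the header block of a raw HTTP/1.x response, applies one check per header in the guide (HSTS max-age and includeSubDomains, no 'unsafe-inline' for scripts in CSP, the recommended values for the rest) and turns the pass count into a letter grade. The letter scale and the two sample responses are constructed for the example; the real tool's scoring is not published on this page.

```python
import re

# Referrer-Policy values treated as safe: the guide names
# strict-origin-when-cross-origin; the others leak no more than it does.
SAFE_REFERRER = {
    "no-referrer", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin",
}


def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP/1.x response into a dict keyed by
    lower-cased header name. Repeated headers are joined with ', '."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # [0] is the status line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def check_hsts(v):
    if v is None:
        return False, "missing"
    m = re.search(r"max-age=(\d+)", v, re.I)
    if not m or int(m.group(1)) < 31536000:
        return False, "max-age shorter than one year"
    if "includesubdomains" not in v.lower():
        return False, "includeSubDomains not set"
    return True, "ok"


def check_csp(v):
    if v is None:
        return False, "missing"
    # Scripts are governed by script-src, falling back to default-src.
    # Simplification: a nonce or hash in that directive makes browsers ignore
    # 'unsafe-inline'; this check does not model that and flags it regardless.
    directives = {}
    for d in v.split(";"):
        parts = d.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    script = directives.get("script-src", directives.get("default-src"))
    if script is None:
        return False, "no script-src or default-src directive"
    if "'unsafe-inline'" in script:
        return False, "'unsafe-inline' allowed for scripts"
    return True, "ok"


def check_enum(allowed):
    """Build a check that passes when the lower-cased value is in `allowed`."""
    def check(v):
        if v is None:
            return False, "missing"
        if v.lower() in allowed:
            return True, "ok"
        return False, f"unexpected value {v!r}"
    return check


def check_present(v):
    return (True, "ok") if v else (False, "missing")


# One check per header in the guide, in the guide's order.
CHECKS = [
    ("strict-transport-security", check_hsts),
    ("content-security-policy", check_csp),
    ("x-frame-options", check_enum({"deny", "sameorigin"})),
    ("x-content-type-options", check_enum({"nosniff"})),
    ("referrer-policy", check_enum(SAFE_REFERRER)),
    ("permissions-policy", check_present),
    ("cross-origin-embedder-policy", check_enum({"require-corp"})),
    ("cross-origin-opener-policy", check_enum({"same-origin"})),
]


def grade(raw: str):
    """Return (letter, findings). Scale is an assumption of this example:
    A = all 8 checks pass, B = 7, C = 5-6, D = 3-4, F = fewer than 3."""
    headers = parse_headers(raw)
    findings = {name: fn(headers.get(name)) for name, fn in CHECKS}
    passed = sum(1 for ok, _ in findings.values() if ok)
    letter = ("A" if passed == 8 else "B" if passed == 7
              else "C" if passed >= 5 else "D" if passed >= 3 else "F")
    return letter, findings


# Constructed sample responses (not captured from any real site).
GOOD = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-abc'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Permissions-Policy: camera=(), microphone=(), geolocation=()\r\n"
    "Cross-Origin-Embedder-Policy: require-corp\r\n"
    "Cross-Origin-Opener-Policy: same-origin\r\n"
    "\r\n"
    "<html></html>"
)
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self' 'unsafe-inline'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.com\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("weak", WEAK)):
        letter, findings = grade(raw)
        print(f"{label}: grade {letter}")
        for name, (ok, note) in findings.items():
            print(f"  {'PASS' if ok else 'FAIL'} {name}: {note}")
```

To run it against a live site, replace the constructed strings with the header block of a real response (for example the output of `curl -sI https://example.com`, which already uses CRLF line endings); the parser only looks at the part before the first blank line.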