HTTP Headers Viewer

View and analyze HTTP response headers

Your Request Headers

Headers your browser sends with requests:

Website URL

Frequently Asked Questions

What are HTTP headers?

HTTP headers are metadata sent between browser and server controlling caching, security, content type, and cookies.

What security headers should I use?

Essential: Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, HSTS, and Referrer-Policy.

How to check my headers?

Enter your URL here to see all response headers. Check for security headers and cache settings.

What is the X-Forwarded-For header used for?

X-Forwarded-For identifies the original client IP when traffic passes through proxies or load balancers. It contains a comma-separated list of IPs showing the request path from client to server.

How do I add security headers to my website?

Add headers like Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security via your web server config (nginx/Apache), .htaccess file, or application middleware.

Important Security Headers

Content-Security-Policy: Prevents XSS attacks by specifying allowed content sources.

Strict-Transport-Security: Forces HTTPS connections (HSTS).

X-Frame-Options: Prevents clickjacking attacks by controlling iframe embedding.

X-Content-Type-Options: Prevents MIME type sniffing.

X-XSS-Protection: Enables browser's XSS filter (legacy).

Referrer-Policy: Controls how much referrer information is shared.

Caching Headers

Cache-Control: Specifies caching directives for both requests and responses.

ETag: Provides a unique identifier for a specific version of a resource.

Last-Modified: Indicates when the resource was last changed.

Expires: Sets an expiration date for the cached resource.

🔍 Check Your IP Address

While you're here, find out your public IP address, location, and ISP details instantly.

Check My IP →