Analyze HTTP response headers for any URL. Check security headers, caching, redirects, and server configuration—instantly.
Free Tool · Instant results · No signup required
HTTP status code (200, 301, 404, 500, etc.) and response time.
Full redirect path from initial URL to final destination.
HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and more.
Cache-Control, ETag, Last-Modified, Expires, Vary.
Server software, powered-by headers, CDN detection.
Content-Type, encoding, compression, content length.
Forces browsers to only connect via HTTPS. Prevents downgrade attacks and cookie hijacking. Essential for any site handling sensitive data.
Strict-Transport-Security: max-age=31536000; includeSubDomains
Controls which resources the browser can load. Powerful protection against XSS attacks. Can be complex to configure but highly effective.
Content-Security-Policy: default-src 'self'
Prevents your site from being embedded in iframes. Protects against clickjacking attacks.
X-Frame-Options: SAMEORIGIN
Prevents browsers from MIME-sniffing. Ensures content is treated as declared.
X-Content-Type-Options: nosniff
Controls how much referrer information is sent with requests. Protects user privacy and prevents leaking sensitive URLs.
Referrer-Policy: strict-origin-when-cross-origin
Controls which browser features your site can use (camera, microphone, geolocation, etc.). Limits attack surface.
Permissions-Policy: geolocation=(), camera=()
Want to understand more about web security? Read our complete guide to uptime monitoring.
Verify your site has proper security headers configured
Check for redirect chains, canonical issues, and caching problems
Analyze caching headers and compression settings
Debug unexpected redirects or response codes
See what headers and CDN competitors use
Confirm headers are correctly set after deployment
HTTP headers are metadata sent between browsers and servers with every request and response. They contain information about caching, security, content type, authentication, and more. Headers control how browsers handle your content.
Security headers protect your site and users from common attacks like XSS, clickjacking, and man-in-the-middle attacks. They're an essential layer of defense that doesn't require code changes—just server configuration.
It depends on your setup. For Apache, use .htaccess. For Nginx, add to your server config. For Cloudflare, use Transform Rules. For Vercel/Netlify, use their headers configuration. Most hosting platforms have documentation for adding custom headers.
301 is permanent—it tells search engines the page has moved forever and to transfer SEO value to the new URL. 302 is temporary—the original URL should keep its SEO value. Use 301 for permanent moves, 302 for temporary situations like A/B tests or maintenance.
Each redirect adds latency and can dilute link equity. Long chains (3+ redirects) slow down page loads and may cause search engines to stop following. Aim for one redirect maximum between any two URLs.
Yes, completely free. Check unlimited URLs without signing up. For continuous monitoring with alerts when your site goes down or response codes change, you can upgrade to PerkyDash.
This tool shows headers right now. PerkyDash monitors continuously and alerts you when something breaks.
Free tier includes 5 monitors from 12 global regions. No credit card required.