HTTP Server Header Check

Check the HTTP response headers of any website. Analyse security headers, server info, caching, CORS, and content policies.


🌐 HTTP Header Check

HTTP headers are key-value pairs sent between the client and server with every request and response. They control caching, security policies, content negotiation, authentication, and much more. Checking a server's response headers reveals its security posture, technology stack, and configuration quality.

🔒 Security Headers

Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options defend against common web attacks including MITM, XSS, and clickjacking.

⚡ Performance Headers

Cache-Control, ETag, Last-Modified, and Vary control browser and CDN caching behaviour, directly impacting page load speed.

🖥️ Server Fingerprint

The Server and X-Powered-By headers often reveal the web server software and its version (nginx 1.24, Apache 2.4, PHP 8.2). Hiding these gives attackers less information for matching the server to known vulnerabilities.

🔀 CORS Headers

Access-Control-Allow-Origin controls which origins can make cross-site requests. Overly permissive CORS (*) can expose APIs to malicious sites.

πŸ›‘οΈ Essential Security Headers

❓ Frequently Asked Questions

How do I add security headers?

In Apache, use the "Header always set" directive in .htaccess or a VirtualHost block. In nginx, use add_header directives. CDNs like Cloudflare allow header rules in the dashboard.

What score does my site get on securityheaders.com?

That site grades headers A+ through F. Aim for at least an A by implementing HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy.
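
The checks described on this page can be run offline against a saved response head. The following is an added example, not part of the original page or of the tool's own code; the function names (parse_headers, audit) and the sample response are constructed for illustration.

```python
import re

# Headers the page lists as the baseline for a good grade.
REQUIRED = ["Strict-Transport-Security", "Content-Security-Policy",
            "X-Frame-Options", "X-Content-Type-Options", "Referrer-Policy"]
# Headers the page names as fingerprinting sources.
FINGERPRINT = ["Server", "X-Powered-By"]

def parse_headers(raw):
    """Parse a raw response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                   # blank line ends the head
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a sorted list of (kind, header, detail) findings."""
    h = parse_headers(raw)
    findings = [("missing", n, "") for n in REQUIRED if n.lower() not in h]
    for n in FINGERPRINT:
        for v in h.get(n.lower(), []):
            if re.search(r"\d+\.\d+", v):           # a version number is exposed
                findings.append(("version-disclosure", n, v))
    for v in h.get("access-control-allow-origin", []):
        if v == "*":                                # any origin may read responses
            findings.append(("permissive-cors", "Access-Control-Allow-Origin", v))
    for v in h.get("x-content-type-options", []):
        if v.lower() != "nosniff":                  # nosniff is the only defined value
            findings.append(("invalid-value", "X-Content-Type-Options", v))
    return sorted(findings)

# Constructed sample response head (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Server: nginx/1.24.0
X-Powered-By: PHP/8.2.10
strict-transport-security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
"""

if __name__ == "__main__":
    for kind, header, detail in audit(SAMPLE):
        print(f"{kind:20} {header} {detail}".rstrip())
```

Header names are compared case-insensitively, so the lowercase strict-transport-security line in the sample still counts as present.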

