All Tools

Header Inspector

Analyze HTTP response headers and security posture.

HTTP headers are metadata exchanged between browsers and servers on every request. They control security, caching, content handling, and SEO — all invisible to visitors but critical to how a website functions.

Key security headers include Content-Security-Policy (prevents XSS attacks), Strict-Transport-Security (forces HTTPS), X-Frame-Options (blocks clickjacking), and X-Content-Type-Options (stops MIME sniffing). Missing any of these can leave a site vulnerable.

Performance headers like Cache-Control and ETag determine how long browsers cache resources, directly affecting load times. This tool fetches all response headers for any URL and scores the security configuration.

example.comgithub.com
Want the full picture?
Run a free Website Health Check →

Common questions

Start with Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy. These protect against XSS, clickjacking, and protocol downgrade attacks.

Header Inspector shows all response headers and a security score. The Security Headers Analyzer focuses on grading security header configuration with detailed recommendations.

No. Requests run in real time and results are not saved on our servers.