HTTP Header Checker

Fetch a URL from the server, follow redirects, and inspect response and security headers.

About the HTTP Header Checker

The HTTP Header Checker fetches a URL from our server, follows redirects, and shows the final response status, full header list, redirect chain, and a security header checklist. It answers what a remote client actually receives, including HSTS, CSP, X-Frame-Options, and related policies.

Browser-based fetch from the API Tester is limited by CORS. This tool runs the request server side so you can inspect any public http or https URL without the target opting in. That makes it useful for quick audits of your own sites, CDNs, and third party endpoints.

The URL you enter is sent to our server, which performs the outbound request. We block private and local addresses to reduce abuse. Nothing is stored. Only http and https schemes are allowed.

Security headers are highlighted with short notes, but this is not a full Lighthouse audit. Use it to confirm headers are present and syntactically reachable, then harden policies in your application or CDN configuration.

Your ad could be here

Reach developers and designers who use these tools every day. Privacy-first, no trackers.

Frequently asked questions

Why use this instead of browser DevTools?

DevTools shows what your browser received for a navigation you triggered. This tool fetches from a server, follows redirects explicitly, and works without CORS restrictions. It is closer to what curl -I shows.

Can I check localhost or internal URLs?

No. Requests to private IP ranges, localhost, and link-local addresses are blocked to prevent abuse of the server as an open proxy.

Does this store the URLs I check?

No. Our server fetches the URL and returns the result. The URL is not logged or persisted.

Why does the redirect chain matter?

Headers may change at each hop. HSTS might only appear after HTTPS is reached, or a CDN might strip headers on redirect. The chain shows every step from your input to the final response.

A security header shows Missing but I configured it.

Confirm the header is set on the final URL after redirects, not only on the apex or www variant. CDNs and reverse proxies sometimes override or omit headers on certain paths.

Web & Network

JWT Decoder

Decode JWT headers and payloads, inspect claims, and check expiry. Decode only, nothing is sent anywhere.

Web & Network

User-Agent Parser

Parse any user agent string into browser, engine, OS, device, and CPU details.

Web & Network

API Tester

Send REST requests from your browser, import or copy as cURL, and inspect the status, headers, timing, and response body.

Web & Network

Webhook Inspector

Get a unique URL, point a webhook at it, and inspect every request it receives in real time.

Web & Network

URL Encoder & Parser

Encode and decode URL components, and break any URL into protocol, host, path, and query parameters.

Web & Network

Timestamp Converter

Convert Unix timestamps to readable dates and back, with a live current timestamp and timezone support.