Diagnostic suite · live

HTTP Headers

Fetch a URL and inspect the raw response headers and status.

About the HTTP Headers Tool

The HTTP Headers tool fetches any URL and shows you the full response headers — status code, Content-Type, caching directives (Cache-Control, ETag, Last-Modified), compression (Content-Encoding), CORS headers, security headers (Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options), CDN headers (CF-Cache-Status, X-Cache) and cookies. It's the fastest way to inspect what a web server is actually returning, without opening devtools or spinning up curl.

Developers use it to debug caching bugs, verify CDN configuration, confirm security-header rollouts, check redirect chains, and understand why a specific page is (or isn't) being cached at the edge. SEO auditors use it to check status codes and canonical tags at scale. Security teams use it to grade a site's security-header posture. Support engineers use it to reproduce customer bugs without needing local access.

Because the request runs from Cloudflare's edge, you get a fresh, uncached response every time — no browser cache in the way. Combine with our SSL Checker to verify certificate settings and Redirect Checker to trace multi-hop redirects.

How to use this tool

  1. 1Enter the required value in the input field above (domain, IP, URL, or text depending on the tool).
  2. 2Click the action button to run the check — results are computed instantly from our edge network.
  3. 3Review the parsed output, key fields and any warnings shown in the result card.
  4. 4Copy the result, share the page URL, or jump to a related tool from the sidebar to continue debugging.

Key features

  • Full response headers in a readable table
  • Status code and HTTP version
  • Security header grading at a glance
  • Runs from the edge — no browser cache
Related searches: http header checker · http response headers · curl online · http header analyzer · security headers check · cache header inspector

Frequently asked questions

Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy. Together they cover the biggest categories of browser-side attack (MITM, XSS injection, clickjacking, MIME sniffing).