Free HTTP Header Checker

Enter any URL to inspect its HTTP response headers. Check security headers, caching configuration, redirect chains, and get a security grade.

Why Check HTTP Headers?

HTTP response headers control how browsers interact with your website. Properly configured headers improve security, performance, and SEO. Missing security headers can leave your site vulnerable to attacks like XSS, clickjacking, and protocol downgrade.

Security Headers Explained

Strict-Transport-Security (HSTS) tells browsers to reach your site over HTTPS only, which prevents man-in-the-middle attacks that rely on protocol downgrade. This is especially important for sites handling sensitive data or using custom domains. Check your SSL certificate to make sure HTTPS is properly configured.

Content-Security-Policy (CSP) defines which resources can be loaded on your page, providing strong protection against cross-site scripting (XSS) attacks.

Headers and Custom Domain Proxying

When proxying requests for custom domains, proper header forwarding is critical. The proxy should sanitize hop-by-hop headers, forward relevant request context, and inject identification headers so your application knows which customer is accessing it. SaaSKevin handles this automatically, including signed customer identification headers that your application can read to serve the right content.
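The three proxy duties described above, sketched as an added example (not SaaSKevin's code; the `X-Customer-*` header names, the HMAC-SHA256 scheme and the 300-second window are assumptions). It assumes the proxy is the first trusted hop, so client-supplied `X-Forwarded-*` and identification headers are dropped rather than trusted.

```python
import hashlib
import hmac
import time

# Standard hop-by-hop headers that a proxy must not forward upstream.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade", "proxy-connection"}
# Hypothetical header names chosen for this example.
ID_H, TS_H, SIG_H = "x-customer-id", "x-customer-ts", "x-customer-sig"
PROXY_SET = {ID_H, TS_H, SIG_H, "x-forwarded-for", "x-forwarded-host", "x-forwarded-proto"}
MAX_SKEW = 300  # seconds a signed header stays acceptable (assumed value)


def _sign(key: bytes, customer_id: str, host: str, ts: str) -> str:
    # Bind the customer id to the requested host and a timestamp.
    msg = "\n".join((customer_id, host.lower(), ts)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_upstream_headers(client_headers, client_ip, customer_id, key, now=None):
    """Proxy side: sanitize inbound headers, add request context and signed identity."""
    hdrs = {k.lower(): v for k, v in client_headers.items()}
    # Headers named in Connection are hop-by-hop for this request as well.
    listed = {t.strip().lower() for t in hdrs.get("connection", "").split(",") if t.strip()}
    drop = HOP_BY_HOP | listed | PROXY_SET  # PROXY_SET: never trust the client's copy
    out = {k: v for k, v in hdrs.items() if k not in drop}
    host = hdrs.get("host", "")
    ts = str(int(now if now is not None else time.time()))
    out.update({"x-forwarded-for": client_ip, "x-forwarded-host": host,
                "x-forwarded-proto": "https", ID_H: customer_id, TS_H: ts,
                SIG_H: _sign(key, customer_id, host, ts)})
    return out


def verify_customer(headers, key, now=None):
    """Application side: return the customer id only if signature and age check out."""
    h = {k.lower(): v for k, v in headers.items()}
    cid, ts, sig = h.get(ID_H, ""), h.get(TS_H, ""), h.get(SIG_H, "")
    if not (cid and sig and ts.isascii() and ts.isdigit()):
        return None
    if abs((now if now is not None else time.time()) - int(ts)) > MAX_SKEW:
        return None
    expected = _sign(key, cid, h.get("x-forwarded-host", ""), ts)
    return cid if hmac.compare_digest(expected.encode(), sig.encode()) else None
```

The application should call `verify_customer` before using the customer id for anything, and should only be reachable through the proxy that holds the signing key.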

Frequently Asked Questions

What are HTTP headers?
HTTP headers are metadata sent between browsers and servers with every request and response. Response headers contain information about the server, caching rules, security policies, content type, and more.

What security headers should my site have?
Key security headers include Strict-Transport-Security (HSTS) for forcing HTTPS, Content-Security-Policy for preventing XSS, X-Frame-Options for preventing clickjacking, X-Content-Type-Options for preventing MIME sniffing, and Referrer-Policy for controlling referrer information.

What does the security grade mean?
The security grade (A+ to F) is based on how many recommended security headers your site includes. An A+ means all major security headers are present, while an F means few or none are configured. This is a general assessment; specific requirements depend on your application.

How do redirect chains affect performance?
Each redirect adds a round trip between the browser and server, increasing page load time. A single redirect (e.g., HTTP to HTTPS) is normal, but chains of 3+ redirects should be avoided by pointing directly to the final URL.

What is HSTS and why is it important?
HSTS (HTTP Strict Transport Security) tells browsers to only access your site over HTTPS. Once a browser receives this header, it will automatically convert any HTTP requests to HTTPS, preventing man-in-the-middle attacks from protocol downgrade.
