HTTP Headers Checker
Inspect every HTTP response header returned by a web server or CDN.
Powered by Geekflare Website Load Time API
What Is the HTTP Headers Checker?
Geekflare HTTP Headers Checker fetches the full list of HTTP response headers returned by any public URL and displays them in a searchable table. Unlike the Secure Headers Test, which focuses on OWASP-recommended security headers, this tool dumps every header your server sends. It is useful for debugging caching, compression, redirects, and custom configurations.
This tool uses the Geekflare Website Load Time API to follow redirects and inspect the response headers returned by the final page.
What Are HTTP Response Headers?
When a browser requests a page, the server replies with two parts: the response body including HTML, JSON, images, etc. and a set of response headers in key-value pairs that tell the browser and any intermediaries how to handle the response.
Common Headers
| Category | Example Headers |
|---|---|
| Security | Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options |
| Caching | Cache-Control, ETag, Expires, Last-Modified |
| Content | Content-Type, Content-Encoding, Content-Length |
| Redirects | Location |
| Server info | Server, X-Powered-By |
| CORS | Access-Control-Allow-Origin, Vary |
Common Things to Check
Caching — Look for Cache-Control: no-store or no-cache on pages that should not be cached, and max-age / s-maxage on static assets.
Compression — If Content-Encoding: gzip or br is missing, the server may not be compressing responses.
Security gaps — Missing Strict-Transport-Security, Content-Security-Policy, or X-Content-Type-Options are worth addressing.
Information leakage — Headers like Server: Apache/2.4.51 or X-Powered-By: PHP/8.1 expose version information. Consider hiding them on production servers.
Frequently Asked Questions
HTTP response headers are key-value pairs sent by the server alongside the response body. They control caching, security policies, content encoding, cookies, redirects, and much more.
The Secure Headers Test focuses specifically on the OWASP-recommended security headers with pass/fail analysis. The HTTP Headers Checker dumps all response headers.
Common use cases include verifying that cache headers (Cache-Control, ETag, Expires) are set correctly, checking that the right Content-Type is returned, confirming redirects work as expected, or simply auditing what a server exposes.
At minimum: Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, and Cache-Control.