HTTP Headers Inspector
Paste HTTP response headers and get instant analysis for security, caching, and performance. Identifies missing security headers, explains cache directives, and flags potential issues. All analysis runs in your browser.
How to use the HTTP Headers Inspector
Get your headers
In your browser DevTools, open the Network tab, click a request, and copy the response headers. Alternatively, use curl -I https://yoursite.com in your terminal and copy the output. Paste the full block into the inspector — the HTTP status line is ignored automatically.
Read your security score
The score reflects how many of the six critical security headers are present: HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy. Each header gets a GOOD, WARN, or BAD rating based on its value — not just its presence.
Fix missing headers
Any security header that is absent appears in the Missing security headers section with an explanation of what it does and why it matters. Each entry tells you exactly what to add to your server or CDN configuration.
🔐 Security score
Checks for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and other critical security headers with explanations.
⚡ Cache analysis
Breaks down Cache-Control directives, ETag, Expires, and Vary headers. Explains what each directive means for performance.
🔍 Missing headers
Flags important headers that are absent from the response, with a brief explanation of why each one matters.