HTTP Headers Viewer
Inspect HTTP response headers for any public URL.
Header inspection tool
Analyze HTTP response headers
Validate a URL or paste raw response headers for reliable local parsing. Pasted-header mode works fully in the browser.
Paste headers from DevTools, curl, Postman, or server logs.
Headers are ready to inspect and copy.
Analysis status
Ready
Pasted-header mode parses the header block locally in your browser.
Detected highlights
Status code
200
HTTP status if available.
Header count
10
Parsed response headers.
Content type
text/html; charset=UTF-8
Response format metadata.
Cache status
Cacheable
max-age=3600
Security status
Strong signal
Based on selected security header presence only.
CORS status
Configured
https://example.com
Compression
Brotli
Detected from Content-Encoding.
Mode
Pasted headers
Current inspection mode.
Copy all headers
Copy the full parsed header block for debugging, documentation, or sharing with teammates.
Copy parsed summary
Copy a compact summary with status, content type, cache, CORS, compression, and security signals.
Privacy note
Pasted headers are parsed locally in the browser. Avoid pasting private cookies, tokens, or internal hostnames.
Security note
Security headers are useful, but they do not prove a site is fully secure by themselves.
CORS limitation
Browser JavaScript cannot read every third-party response header. Pasted-header mode avoids that limitation.
Accuracy note
Browser-visible headers may not include every server, CDN, proxy, or redirect header.
Parsed header details
Review each header, what it means, and copy individual values.
content-type
text/html; charset=UTF-8
Describes the response format, such as HTML, JSON, CSS, JavaScript, or an image.
cache-control
max-age=3600
Controls browser, CDN, and intermediary caching behaviour.
etag
"abc123"
Cache validation token used to check whether content changed.
content-encoding
br
Compression format such as gzip, br, zstd, or identity.
strict-transport-security
max-age=31536000; includeSubDomains
Instructs browsers to use HTTPS for future requests.
content-security-policy
default-src 'self'
Security policy that restricts what resources the browser may load.
x-frame-options
SAMEORIGIN
Clickjacking protection for iframe embedding.
x-content-type-options
nosniff
Prevents MIME type sniffing when set to nosniff.
referrer-policy
strict-origin-when-cross-origin
Controls how much referrer information is sent.
access-control-allow-origin
https://example.com
CORS policy that controls which origins can access the response.
Practical HTTP header examples
Click an example to load it into pasted-header mode.
HTTP headers quick reference
Content-Type
Describes the response format.
Cache-Control
Controls browser and CDN caching.
Location
Used for redirects.
Set-Cookie
Sends cookies to the browser.
Content-Encoding
Compression such as gzip or br.
ETag
Cache validation token.
Access-Control-Allow-Origin
CORS access policy.
Strict-Transport-Security
HTTPS policy.
Content-Security-Policy
Browser security policy.
Referrer-Policy
Controls referrer information.
Developer guide
Understand HTTP response headers
Headers describe content type, caching, redirects, cookies, security policies, compression, server behaviour, and cross-origin access.
What is an HTTP Headers Viewer?
An HTTP Headers Viewer helps inspect metadata sent with HTTP responses. Developers use it to understand how browsers, APIs, CDNs, and servers handle a response.
When should developers use one?
Use it for API debugging, content type checks, redirect investigation, cache review, compression checks, CORS debugging, cookie review, security header checks, CDN testing, and SEO troubleshooting.
Response headers vs request headers
Request headers are sent by the client to the server. Response headers are returned by the server to the client. This page focuses mainly on response headers.
Privacy and security
Avoid pasting private cookies, Authorization headers, tokens, session IDs, API keys, or internal hostnames into online tools unless you trust the environment.
Common HTTP header mistakes
How to use this HTTP Headers Viewer
- 1Enter a URL to validate it or switch to pasted-header mode.
- 2Paste headers copied from DevTools, curl, Postman, or server logs.
- 3Review status, content type, cache, CORS, compression, and security summaries.
- 4Open individual headers to see what they mean.
- 5Copy the full header block or selected values for debugging.
Why developers use an HTTP Headers Viewer
HTTP Headers Viewer FAQs
It shows the metadata returned with an HTTP response, such as content type, cache rules, security policies, cookies, redirects, and CORS headers.
Related tools
More tools to try
Related reading
Learn the formula, assumptions, examples, or context behind this tool.