OneWebDesk
All tools
한국어|English

HTTP Header Checker

Fetch and display the HTTP response headers of a URL.

HTTP Header Checker shows, in real time, the exact response status code and headers a server returns for a given URL. Without opening browser dev tools, you can review security headers (HSTS, CSP, X-Frame-Options), caching policy (Cache-Control, ETag), the server software, and content type at a glance.

Requests go through a safe server-side proxy, so you see every header verbatim without CORS restrictions. When redirects occur, each hop is traced and the final destination URL and status code are shown together. Just enter a URL.

Key response headers at a glance

  • Content-Type: the body's MIME type and character encoding (charset)
  • Cache-Control / ETag / Last-Modified: caching and revalidation policy
  • Strict-Transport-Security: whether HTTPS is enforced (HSTS)
  • Content-Security-Policy: restrictions on script and resource origins
  • X-Frame-Options: framing restrictions to prevent clickjacking
  • Server: server software (be cautious about exposing it)

Reading status codes and redirects

2xx means success, 3xx a redirect, 4xx a client error, and 5xx a server error. This tool follows redirects such as 301 and 302 and records each hop, so you can confirm that http to https enforcement or www normalization works as intended. If the final URL differs from your input, a redirect occurred.

How to use it

It is great for quickly verifying after a deploy that security headers are not missing, that your CDN and cache policy is applied, and that there are no broken redirect loops. Only headers are fetched, not the body, so it stays light and fast. To grade just the security headers, use the security headers checker; to trace a redirect chain hop by hop, use the HTTP status & redirect checker.

Frequently asked questions

Does it download the body (HTML)?
No. This tool only checks response headers and the status code; it does not download the body, which keeps it fast and light on bandwidth.
Why use this instead of browser dev tools?
Browsers hide some cross-origin headers due to CORS policy. This tool requests directly from the server and shows every response header verbatim.
How are redirects shown?
It follows redirects such as 301 and 302 up to a limit, then shows the final destination URL and final status code. If your input and the final URL differ, there was a redirect.
Can it query private or internal addresses?
No. For safety it blocks private/internal IP ranges and dangerous schemes (SSRF protection). Only public http/https URLs can be checked.
Are results cached?
Results for the same URL are cached for about 60 seconds for speed. If a header you just changed is missing, try again shortly.

Related tools

HTTP / API
cURL Command Builder
Build a runnable cURL command from method, headers and body.
cURL Command Parser
Break a cURL command into method, URL, headers and body.
Latency Percentile Calculator
Compute p50, p90, p95 and p99 from a list of response times.
HTTP Status & Redirect Checker
Trace the HTTP status code and full redirect chain step by step.
HTTP/2 & HTTP/3 Check
Check whether a server supports HTTP/2 (ALPN) and HTTP/3 (Alt-Svc).
CORS Configuration Check
Check a URL's CORS (Access-Control-Allow-*) headers via preflight.