Free Headers Sniffer
Analyze HTTP headers and check security headers for any website
Check HTTP Headers
Enter a URL to analyze its HTTP headers. This tool will show you all request and response headers, security headers, and provide recommendations for improving security.
Response Headers
These headers are sent by the server in response to your request.
Request Headers
These headers were sent by your browser when making the request.
Security Headers Analysis
This analysis checks for important security headers and provides recommendations.
Raw Headers
This is the raw header data received from the server.
Understanding HTTP Headers
HTTP headers are key-value pairs sent at the beginning of HTTP requests and responses. They provide important information about the browser, server, and the data being transferred.
Common Response Headers
Header | Description |
---|---|
Content-Type | Indicates the media type of the resource (e.g., text/html, application/json) |
Content-Length | The size of the response body in bytes |
Server | Information about the server software |
Date | The date and time the response was sent |
Cache-Control | Directives for caching mechanisms |
Important Security Headers
Header | Description | Importance |
---|---|---|
Content-Security-Policy (CSP) | Helps prevent Cross-Site Scripting (XSS) and other code injection attacks | High |
X-XSS-Protection | Enables the browser's built-in XSS filtering | Medium |
X-Frame-Options | Prevents clickjacking attacks by controlling if a page can be embedded in frames | High |
X-Content-Type-Options | Prevents MIME type sniffing | Medium |
Strict-Transport-Security (HSTS) | Forces browsers to use HTTPS for the website | High |
Referrer-Policy | Controls how much referrer information is included with requests | Medium |
Permissions-Policy | Controls which browser features and APIs can be used | Medium |
Why Headers Matter
HTTP headers serve several important purposes:
- Security: Many headers help protect against common web vulnerabilities like XSS, CSRF, and clickjacking.
- Performance: Headers like Cache-Control and ETag help optimize website performance through caching.
- Functionality: Headers enable features like cookies, compression, and cross-origin resource sharing.
- Information: Headers provide metadata about the request, response, and the server.
Security Headers Best Practices
To improve your website's security posture, consider implementing these security headers:
- Content-Security-Policy: Implement a strict CSP that only allows trusted sources for scripts, styles, and other resources.
- Strict-Transport-Security: Use HSTS to ensure your site is always accessed over HTTPS.
- X-Frame-Options: Set to DENY or SAMEORIGIN to prevent clickjacking attacks.
- X-Content-Type-Options: Set to nosniff to prevent MIME type sniffing.
- Referrer-Policy: Use a restrictive policy like same-origin or strict-origin-when-cross-origin.
- Permissions-Policy: Restrict access to sensitive browser features that your site doesn't need.
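The checklist above can be turned into an automated audit of a response header block. The following is an added example, not code from this tool: the function names, the 180-day HSTS threshold, the accepted Referrer-Policy set and the sample response are assumptions made for illustration, and Permissions-Policy is checked for presence only.

```python
import re

# Assumption made for this example: HSTS max-age under 180 days counts as too short.
MIN_HSTS_MAX_AGE = 15552000
STRICT_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                   "strict-origin-when-cross-origin"}

def parse_headers(raw):  # raw header block -> dict keyed by lowercase name
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_csp(v):  # flag sources that defeat a strict policy
    sources = v.lower().replace(";", " ").split()
    risky = [s for s in ("'unsafe-inline'", "'unsafe-eval'", "*") if s in sources]
    return "weak: allows " + ", ".join(risky) if risky else "ok"

def check_hsts(v):  # max-age=0 or a missing max-age gives no protection
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    age = int(m.group(1)) if m else 0
    return "ok" if age >= MIN_HSTS_MAX_AGE else "weak: max-age missing or too short"

def one_of(allowed):  # build a check that accepts only the listed values
    return lambda v: "ok" if v.lower() in allowed else "weak: unexpected value " + v

CHECKS = {
    "content-security-policy": check_csp,
    "strict-transport-security": check_hsts,
    "x-frame-options": one_of({"deny", "sameorigin"}),
    "x-content-type-options": one_of({"nosniff"}),
    "referrer-policy": one_of(STRICT_REFERRER),
    "permissions-policy": lambda v: "ok",  # presence only
}

def audit(raw):
    headers = parse_headers(raw)
    return {name: check(headers[name]) if name in headers else "missing"
            for name, check in CHECKS.items()}

# Constructed sample response (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Strict-Transport-Security: max-age=300
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: unsafe-url
"""
```

A header sent more than once keeps only its last value here, and a comma-separated Referrer-Policy fallback list is reported as unexpected.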
Common HTTP Status Codes
Code | Description | Category |
---|---|---|
200 | OK - The request was successful | Success |
301 | Moved Permanently - The resource has been moved permanently | Redirection |
302 | Found - The resource is temporarily located at a different URL | Redirection |
400 | Bad Request - The server cannot process the request due to client error | Client Error |
403 | Forbidden - The server understood the request but refuses to authorize it | Client Error |
404 | Not Found - The requested resource could not be found | Client Error |
500 | Internal Server Error - The server encountered an unexpected condition | Server Error |