Analyze any URL's response headers, redirect chain and security header configuration.
Shows all redirect steps β HTTP β HTTPS, www β apex β with their status codes.
Checks for critical security headers: HSTS, CSP, X-Frame-Options, Referrer-Policy and more.
Shows Cache-Control, ETag and Expires headers used for caching behaviour.
Reveals Server, X-Powered-By and other infrastructure headers.
HTTP response headers carry crucial information about how a server behaves: security policies, caching directives, content type, and redirect chains. Analyzing headers is essential for debugging, security audits, and performance optimization.
HTTP Strict Transport Security (HSTS) forces browsers to always use HTTPS for a domain. Critical for security β prevents downgrade attacks and cookie hijacking.
Content Security Policy (CSP) controls what resources a browser can load for a page, preventing XSS attacks. One of the most important security headers.
Prevents your page from being embedded in an iframe on other sites, protecting against clickjacking attacks. Modern equivalent is CSP frame-ancestors directive.
Redirect chains (301β302β200) slow page load time and can dilute SEO link equity. Each unnecessary redirect adds 100-300ms of latency.