Free HTTP headers checker. Inspect every response header from any URL, with per-phase timing (DNS, connect, TLS, time-to-first-byte, total) measured from our London probe, the full redirect chain, status code, and Server signature. Choose the method, follow redirects, and send a custom User-Agent or request headers. Use it to debug deployments, audit security headers (CSP, HSTS, X-Frame-Options), and verify CDN configuration.
Every HTTP response carries headers that describe how the server, its cache, and any CDN in front of it are behaving. This tool requests a URL from a London probe and returns the raw headers along with the status code and Server signature. You can choose the request method, follow the full redirect chain, and send a custom User-Agent or extra request headers, which is useful for reproducing how a specific client or bot sees the page.
It also breaks down per-phase timing: DNS resolution, TCP connect, TLS handshake, time-to-first-byte, and total time. Seeing where the milliseconds go makes it easy to tell a slow origin from a slow network path, and a cf-cache-status: HIT header confirms a CDN is serving the response instead of your origin.
The response headers are where a site's security posture lives. This tool surfaces headers like Content-Security-Policy, Strict-Transport-Security (HSTS), and X-Frame-Options, so you can confirm the protections you configured are actually being sent. A policy that is set in code but missing from the live response, often stripped by a proxy or never deployed, is a common and easy-to-miss gap.
Caching headers such as Cache-Control and ETag control how long browsers and CDNs hold a response, and the redirect chain shows every hop from the URL you entered to the final destination. Following that chain is the quickest way to catch a stray HTTP-to-HTTPS loop or an unexpected extra redirect that adds latency.
Enter the URL above and the tool returns every response header, the status code, and the Server signature exactly as the host sent them, measured from an external probe.
The tool lists security headers such as Content-Security-Policy, Strict-Transport-Security, and X-Frame-Options from the live response, so you can confirm they are present and not being stripped before they reach the client.
Many URLs redirect one or more times before serving content, for example HTTP to HTTPS or a bare domain to www. Showing every hop helps you spot redirect loops or extra steps that add latency.
Look for cache headers like cf-cache-status, x-cache, or Age in the response. A HIT value means the CDN served the response from its edge rather than fetching it from your origin.