Free HTTP header inspector. Check security headers, CORS, cache-control, and content-type. Validate HTTP response headers for any URL. Get instant recommendations.
The Header Inspector on httpstatus.com sends a request to any public URL and returns a complete breakdown of both response and inferred request headers. It categorizes headers into security, caching, content negotiation, and custom groups, annotating each with explanations of its purpose and whether the value follows recommended best practices. Security-sensitive headers like Content-Security-Policy, Strict-Transport-Security, and X-Frame-Options receive dedicated pass/fail assessments with remediation guidance.
Security auditors reviewing header hardening across a domain, frontend engineers debugging content-type mismatches, and DevOps teams validating CDN header transformations use the Inspector to get immediate, human-readable feedback. The tool supports custom request methods and headers so you can replicate exactly the scenario you need to diagnose. It integrates with the CORS Debugger and SSL Checker in the httpstatus.com security suite for comprehensive endpoint analysis.