HTTP Headers Inspector
Inspect HTTP request and response headers for any URL. Check security headers, server information, caching policies, and more.
Quick Test URLs
MotesElectronics.com
Google
GitHub
Cloudflare
Microsoft
Amazon
Common HTTP Headers Reference
| Header | Description | Example |
|---|---|---|
Cache-Control |
Directives for caching mechanisms | max-age=3600, public |
Connection |
Control options for the current connection | keep-alive |
Content-Encoding |
Encoding format of the response | gzip |
Content-Length |
Size of the response body in bytes | 348 |
Content-Type |
Media type of the resource | text/html; charset=UTF-8 |
Date |
Date and time the message was sent | Tue, 15 Nov 2024 08:12:31 GMT |
Transfer-Encoding |
Form of encoding used to transfer the payload | chunked |
| Header | Description | Example |
|---|---|---|
Accept |
Media types the client can understand | text/html,application/xhtml+xml |
Accept-Encoding |
Encodings the client can handle | gzip, deflate, br |
Accept-Language |
Languages the client prefers | en-US,en;q=0.9 |
Authorization |
Credentials for HTTP authentication | Bearer eyJhbGciOiJIUzI1NiIs... |
Cookie |
HTTP cookies sent by the client | sessionId=abc123; theme=dark |
Host |
Domain name of the server | moteselectronics.com |
Referer |
Previous web page address | https://google.com |
User-Agent |
Client software information | Mozilla/5.0 (Windows NT 10.0; Win64; x64) |
| Header | Description | Example |
|---|---|---|
Access-Control-Allow-Origin |
Origins allowed to access the resource | * |
Age |
Time in seconds the object has been in cache | 3600 |
ETag |
Entity tag for cache validation | "33a64df551425fcc55e4d42a148795d9f25f89d4" |
Location |
URL for redirects | https://example.com/new-page |
Server |
Server software information | nginx/1.18.0 |
Set-Cookie |
Cookie sent from server to client | sessionId=abc123; HttpOnly; Secure |
Vary |
Headers that affect cache key | Accept-Encoding |
WWW-Authenticate |
Authentication method requested | Basic realm="Access" |
| Header | Description | Example | Status |
|---|---|---|---|
Strict-Transport-Security |
Enforces HTTPS connections | max-age=31536000; includeSubDomains |
Recommended |
Content-Security-Policy |
Controls resources the browser can load | default-src 'self' |
Recommended |
X-Frame-Options |
Prevents clickjacking | SAMEORIGIN |
Recommended |
X-Content-Type-Options |
Prevents MIME type sniffing | nosniff |
Recommended |
Referrer-Policy |
Controls referrer information | strict-origin-when-cross-origin |
Recommended |
Permissions-Policy |
Controls browser features | geolocation=(), camera=() |
Optional |
X-XSS-Protection |
Enables XSS filtering (deprecated) | 1; mode=block |
Deprecated |
| Header | Description | Example |
|---|---|---|
Cache-Control |
Cache directives | max-age=3600, public, no-cache |
Pragma |
Implementation-specific (HTTP/1.0) | no-cache |
Expires |
Date/time after which response expires | Wed, 21 Oct 2025 07:28:00 GMT |
Last-Modified |
Last modification date of the resource | Wed, 21 Oct 2025 07:28:00 GMT |
ETag |
Entity tag for cache validation | "33a64df551425fcc55e4d42a148795d9f25f89d4" |
About HTTP Headers
HTTP headers let the client and server pass additional information with an HTTP request or response. They control caching, authentication, content type, security policies, and much more. Understanding headers is crucial for web development, API integration, and security analysis.
HTTP Status Code Categories
| Code | Category | Description |
|---|---|---|
| 1xx | Informational | Request received, continuing process |
| 2xx | Success | Request successfully received, understood, and accepted |
| 3xx | Redirection | Further action needs to be taken to complete the request |
| 4xx | Client Error | Request contains bad syntax or cannot be fulfilled |
| 5xx | Server Error | Server failed to fulfill a valid request |