Limitation: Due to browser security, this tool can only fetch response headers for the current page's URL or resources explicitly allowing cross-origin requests (CORS). It cannot fetch headers for arbitrary external websites.
Enter URL, click Check. See all response headers: status, content type, server, cache, security headers.
Understand HTTP headers instantly. Debug server configs and API responses without developer tools.
Status code, content type, server info, cache control, security policies, cookies.
Yes, CSP, X-Frame-Options, HSTS protect from attacks.
Most public URLs; some may block or have CORS limits.
200 success; 301/302 redirect; 404 not found; 500+ errors.