About the HTTP Header Inspector
This HTTP header inspector fetches a URL server-side and shows the full response: the HTTP status code, every response header, the chain of redirects it followed, and how long the request took. It is the quick way to see exactly what a server returns — content type, caching headers, security headers, cookies, the server software and any redirects — without opening developer tools or reaching for curl.
The request is made from our server with SSRF protection: private, loopback and link-local targets are refused, and each redirect hop is re-validated. Use it to debug redirects, confirm HTTPS and HSTS, check cache-control and CORS headers, or verify which server and CDN are answering for a host.
How to use it
- Enter a URL (https:// is assumed if you omit the scheme).
- Submit to fetch the URL and follow its redirects.
- Read the final status code, timing and the full redirect chain.
- Scan the response headers for caching, security and server details.
Examples
- Check that http://example.com redirects to https:// with a 301.
- Inspect cache-control and etag headers to debug a caching issue.
- Confirm security headers like strict-transport-security and content-security-policy are set.
Frequently asked questions
How is this different from the email header analyzer?
This tool inspects HTTP response headers from a web server (status, redirects, caching, security headers). The email header analyzer parses the Received/Authentication headers from an email message. Different kinds of headers entirely.
Does it follow redirects?
Yes. It follows up to eight redirects, re-checking each hop against the SSRF guard, and reports the full chain plus the final response.
Can I inspect internal or localhost URLs?
No. For safety, requests to private, loopback and link-local addresses are refused — this prevents the tool from being used to probe internal infrastructure.
Does it download the page body?
No. It reads only the response headers and cancels the body, so it is fast and lightweight.