HTTP Headers Analyzer
Analyze HTTP response headers — security, caching, compression, server config. Instant results.
What We Check
Every check comes with a pass/fail result and specific fix instructions.
Security: Strict-Transport-Security
HSTS tells browsers to always use HTTPS. Prevents protocol downgrade attacks.
Security: Content-Security-Policy
CSP controls which resources can load on your page. Prevents XSS attacks.
Security: X-Frame-Options
Prevents your page from being embedded in iframes on other sites (clickjacking).
Security: X-Content-Type-Options
Prevents MIME type sniffing. Always set to nosniff.
Security: Referrer-Policy
Controls how much referrer information is sent when navigating away.
Security: Permissions-Policy
Controls browser features like camera, microphone, geolocation access.
Security: Cross-Origin-Opener-Policy
Isolates your window from cross-origin popups (prevents tabnabbing).
Security: Cross-Origin-Resource-Policy
Controls whether other origins can read your resources.
Cache-Control
Cache-Control header determines how browsers and CDNs cache your content.
Compression
Gzip or Brotli compression reduces transfer size by 60-80%.
Server Leak
Server header with version info helps attackers find known vulnerabilities.
X-Powered-By
X-Powered-By reveals your tech stack. Hide it to reduce attack surface.
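The checks listed above can be reproduced offline against a set of response headers. The following is an added example, not this tool's own code; the check names, pass criteria and fix hints are assumptions chosen for illustration, and the sample headers are constructed.

```python
import re

# Headers checked for presence only, each with a fix hint (wording is this example's own).
PRESENCE_CHECKS = {
    "content-security-policy": "Add a Content-Security-Policy that restricts script sources.",
    "x-frame-options": "Set X-Frame-Options: DENY or SAMEORIGIN.",
    "referrer-policy": "Set Referrer-Policy, e.g. strict-origin-when-cross-origin.",
    "permissions-policy": "Set Permissions-Policy to disable unused features.",
    "cross-origin-opener-policy": "Set Cross-Origin-Opener-Policy: same-origin.",
    "cross-origin-resource-policy": "Set Cross-Origin-Resource-Policy: same-origin or same-site.",
    "cache-control": "Set an explicit Cache-Control policy.",
}

def audit_headers(raw_headers):
    """Return {check_name: (passed, fix_hint)} for a dict of response headers."""
    h = {k.lower(): v.strip() for k, v in raw_headers.items()}  # names are case-insensitive
    results = {n: (n in h, fix) for n, fix in PRESENCE_CHECKS.items()}

    # HSTS must carry a positive max-age; max-age=0 tells the browser to drop the policy.
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    results["strict-transport-security"] = (
        bool(m) and int(m.group(1)) > 0,
        "Send Strict-Transport-Security with a positive max-age over HTTPS.")
    results["x-content-type-options"] = (
        h.get("x-content-type-options", "").lower() == "nosniff",
        "Set X-Content-Type-Options: nosniff.")
    encodings = {e.strip().lower() for e in h.get("content-encoding", "").split(",")}
    results["compression"] = (bool(encodings & {"gzip", "br"}),
                              "Enable gzip or Brotli for text responses.")
    # Server leak: any digit in the Server value is treated as version information.
    results["server-leak"] = (not re.search(r"\d", h.get("server", "")),
                              "Remove the version from the Server header.")
    results["x-powered-by"] = ("x-powered-by" not in h, "Remove the X-Powered-By header.")
    return results

def failed_checks(headers):
    """Names of the checks that did not pass, sorted."""
    return sorted(name for name, (ok, _) in audit_headers(headers).items() if not ok)

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=0",
    "X-Content-Type-Options": "nosniff",
    "Content-Encoding": "gzip",
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Cache-Control": "public, max-age=3600",
}
```

Presence alone is a weak signal for headers such as Content-Security-Policy, so a pass here means the header exists, not that its policy is strict.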
Why It Matters
Numbers that make a difference for your website.
Headers
All important headers checked
Smaller
With proper compression
Leaks
Hide your tech stack
Cache
Proper caching strategy
Frequently Asked Questions
Common questions about this tool and how to use the results.
Ready to audit your site?
Enter your URL above and get results in seconds. Completely free.