HTTP Header Inspector

All response headers plus a security-headers grade.

Mode

URL to inspect

FAQ

What's a security-headers grade?

We check six common security headers (HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy) and grade out of 100. Any production site should aim for A.

Does Cache-Control matter for SEO?

Indirectly — better caching = faster load times = better Core Web Vitals. Aim for `public, max-age=` on static assets and `no-cache` on dynamic HTML.

Why is Server header exposed?

Most servers leak version info by default. It's a minor infoleak (tells attackers which CVEs to try first). Consider stripping it in production.

What does gzip or br mean?

Those are compression algorithms. If Content-Encoding shows gzip or br, your server is compressing responses — crucial for page speed.

Ready to publish?

Share your writing on WriteUpCafe

Free account. Thousands of daily readers. Built-in SEO. Nothing to install.

Create your free account