Inspect response headers, security grade and redirect chain for any URL.
Enter a URL above to inspect its HTTP response headers.
HTTP response headers are sent by a web server with every response. They control browser behaviour, caching, security policies and more. This tool fetches the headers from any public URL and analyses them for security best practices.
The grade is based on the presence of six key security headers: HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy. All six present = A. Missing high-importance headers like HSTS or CSP will significantly lower the grade. These headers protect against common web attacks like XSS, clickjacking and protocol downgrade attacks.