HTTP Headers Inspector
Fetch and analyse all HTTP response headers for any URL. Check security posture, trace redirect chains, and identify server exposure.
Frequently Asked Questions
HTTP response headers are metadata sent by a web server alongside the page content. They tell the browser how to handle the response — things like caching rules, content type, security policies, redirects, and compression settings. Developers use them to diagnose server configuration issues.
Checking your HTTP headers reveals security misconfigurations, caching problems, missing security policies (like CSP or HSTS), compression status, and how your server identifies itself. Many performance and security issues are hidden in headers that you'd never see in the browser normally.
X-Frame-Options is a security header that prevents your page from being embedded in an iframe on another website, protecting against clickjacking attacks. The recommended values are DENY (never allow framing) or SAMEORIGIN (only allow framing from the same domain).
Cache-Control tells browsers and CDNs how long to store a copy of the response. Values like max-age=31536000 (one year) are used for static assets, while no-cache or no-store prevent caching entirely for dynamic content. Correct cache headers are critical for site performance.
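The checks described in the answers above (missing CSP or HSTS, X-Frame-Options values, how the server identifies itself, cache lifetimes) can be sketched as a small header audit. This is an added example, not the tool's own code; the sample response is constructed, the function names are hypothetical, and treating text/html as dynamic content is an assumption.

```python
import re

# Constructed sample response headers (not captured from a real server).
SAMPLE = """\
HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=utf-8
X-Frame-Options: ALLOWALL
Cache-Control: max-age=31536000
"""

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw header block."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of finding strings for one response, in check order."""
    h = parse_headers(raw)
    findings = []
    for name in ("content-security-policy", "strict-transport-security"):
        if name not in h:
            findings.append(f"missing {name}")
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    if not xfo:
        findings.append("missing x-frame-options")
    elif any(v not in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("x-frame-options value is not DENY or SAMEORIGIN")
    for name in ("server", "x-powered-by"):    # server exposure
        if any(re.search(r"\d+\.\d+", v) for v in h.get(name, [])):
            findings.append(f"{name} discloses a version")
    # Assumption: text/html is dynamic content and should not carry a max-age.
    ctype = " ".join(h.get("content-type", [])).lower()
    cc = ",".join(h.get("cache-control", [])).lower()
    directives = dict(d.strip().partition("=")[::2] for d in cc.split(",") if d.strip())
    age = directives.get("max-age", "")
    if (ctype.startswith("text/html") and age.isdigit() and int(age) > 0
            and not {"no-cache", "no-store"} & directives.keys()):
        findings.append(f"text/html cacheable for {age}s")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```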