codynet

HTTP

HTTP Security Header Checker

Check HTTP response headers, redirect chains, and security headers (HSTS, CSP, COOP, and more) for any URL.

HTTP header inspector

Send a HEAD/GET request and follow redirects. Headers + status only — no body.

Private and reserved address ranges are blocked at the resolver layer.

Results

Run a lookup to see structured results here.

Practical guide

How to inspect HTTP headers

Use this page to see the status, redirect path, and response headers a server sends before a browser renders the page.

What this tool checks

The HTTP header inspector requests a URL and reports the status code, redirect chain, and response headers. Headers can reveal caching rules, content type, compression, cookies, CDN behavior, and security policies such as HSTS, CSP, X-Frame-Options, COOP, and Referrer-Policy.

When to use it

Use it after deploying a site, changing redirect rules, moving behind a CDN, or tightening browser security headers. It is especially helpful when a page works in one browser but fails in another, or when SEO tools report redirect, canonical, mixed-content, or header-related warnings.

How to read the result

Start with the status code. A 200 response means the final URL returned content, 3xx responses show redirects, 4xx responses usually indicate a client or permission problem, and 5xx responses usually indicate a server-side failure. Then review the redirect chain and security headers to confirm the final URL is the one users and crawlers should see.

Example HTTP header check

Example input
https://example.com
Example result
status: 200
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cache-control: max-age=604800

Security and caching headers are only useful when they are present on the final response users actually receive.

Related tools

TLS Certificate Inspector

Check the certificate behind the HTTPS endpoint and confirm trust status.

Open tool

DNS Lookup

Verify that a hostname resolves to the expected site or CDN target.

Open tool

Domain Whois / RDAP

Check registration data when ownership or domain status is part of the issue.

Open tool

Related guides

TLS Certificate Expiration And Troubleshooting

How TLS certificates fail and how to inspect what's actually served.

Read guide

What Is A CAA Record?

CAA records gate which CAs can issue certs for your domain — a useful complement to HTTP security headers.

Read guide

FAQ

Why does the tool show a different URL than I entered?
The site may redirect HTTP to HTTPS, a bare domain to www, or an old path to a new path. Review the redirect chain to confirm the final URL is intentional.
Which security headers matter most?
For most HTTPS sites, start with Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, and clickjacking protections such as X-Frame-Options or frame-ancestors in CSP.
Why do headers differ between tools?
Servers and CDNs can vary responses by method, user agent, region, protocol, or cache state. If results differ, test the final URL and compare with the equivalent curl command.

Last reviewed: 2026-05-20.