HTTP Headers
Fetch a URL and inspect response headers, status code, and redirect chain.
Security headers break silently. HSTS, CSP, and X-Frame-Options all need ongoing validation.
Monitor HTTP headers continuously
- ✓Header change detection
- ✓Security score tracking
- ✓HSTS / CSP / CORS monitoring
- ✓Email + Slack alerts
- ✓Historical diff view
- ✓SSL correlation
Frequently Asked Questions
What are HTTP response headers?
HTTP response headers are key-value pairs the server sends with every response, before the body. They tell the browser how to handle the content — caching policy, content type, security directives, cookies, redirects, and more. Inspecting them is the first step in debugging caching problems, CORS errors, and security issues.
What headers should every website have for security?
- Strict-Transport-Security — forces HTTPS.
- Content-Security-Policy — restricts what the browser can load.
- X-Frame-Options or CSP
frame-ancestors— prevents clickjacking. - X-Content-Type-Options: nosniff — stops MIME-type sniffing.
- Referrer-Policy — controls how much referrer info is sent.
- Permissions-Policy — limits access to browser APIs.
What does a redirect chain look like?
A redirect chain is a series of 301/302 responses before the browser reaches the final destination. For example: http:// → https:// → https://www. → final page. Each hop adds latency. Long chains (4+ hops) hurt performance and can cause SEO issues; aim for a single redirect.
What is Cache-Control and how does it affect performance?
Cache-Control tells browsers and CDNs how long to cache a response. max-age=86400 caches for 24 hours; no-store prevents caching entirely; must-revalidate requires a check with the server before serving a stale copy. Setting appropriate cache headers is one of the most impactful performance improvements for static assets.