Get HTTP Headers


Enter a URL



Get HTTP Headers

Validate the headers of any server. Our tool will show you all the details needed about what is being sent from any specific server.

This tool is superb for doing header validations and to strengthen the security. 

These are just a couple of all the details you will be able to find out with the help of our tool

  • Access-Control-Allow-Credentials
  • Access-Control-Allow-Headers
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Origin
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age
  • Accept-Ranges
  • Allow (GET, HEAD, POST, OPTIONS)
  • Cache-Control
  • Client-Date
  • Client-Peer
  • Client-Response-Num
  • Connection (for example Keep-Alive)
  • Content-Disposition (attachment; filename=”whatismyip.txt”)
  • Content-Encoding (for example gzip)
  • Content-Language
  • Content-Length
  • Content-Location
  • Content-MD5
  • Content-Range
  • Content-Security-Policy,
  • X-Content-Security-Policy,
  • X-WebKit-CSP
  • default-src ‘self’
  • Content-Security-Policy-Report-Only
  • Content-Type (text/html)
  • ETag
  • HTTP Code (200, 201, 301, 302, 401, 402, 403, 404, 500, 501, 502, 503, 504, 505)
  • Proxy-Connection (Keep-Alive)
  • Server (Apache, nGinx)
  • Status (200 OK)
  • Strict-Transport-Security (max-age=16070400; includeSubDomains)
  • Timing-Allow-Origin (www.whatismyip.org)
  • Transfer-Encoding (compress, deflate, gzip, identity)
  • X-Frame-Options (Deny / Allow)
  • X-Permitted-Cross-Domain-Policies (Master only / all)
  • X-Powered-By (PHP, .NET, Go)
  • X-Robots-Tag (noindex,nofollow)
  • X-XSS-Protection (mode=block)