HTTP Headers Scanner

Enter the URL whose headers you want to view

Http headers

x-frame-options Specifies whether browser should show page in an iFrame
x-xss-protection Enables Cross Site Scripting (XSS) filtering
x-content-type-options Disables MIME Sniffing and forces browser to use type shown in Content-Type
x-ua-compatible Compatiability header for old versions of Microsoft Internet Explorer (IE) and Edge
strict-transport-security HSTS informs browser to use HTTPS not HTTP
p3p Privacy Protocol that was not widely adopted
referrer-policy Rules which referrer information sent in the referrer header is incorporated with requests
content-security-policy Controls which resources the client can load for the page
access-control-allow-origin Details whether the response can be shared.
access-control-allow-credentials Header tells browser whether to expose the response to frontend JavaScript
access-control-max-age It indicates how long the results of a preflight request can be cached.
access-control-allow-methods Specifies the method or methods allowed when accessing the resource in response to a preflight request.
access-control-allow-headers Indicate which HTTP headers can be used during the actual request.
access-control-expose-headers Allows a server to indicate which response headers should be made available to scripts running in the browser, in response to a cross-origin reques
content-encoding Specifies compression type
vary Details how to determine if cache can be used rather than a new response from server
x-powered-by Hosting and Backend Server Frameworks may use this. Can reveal sensitive information (version and software).
www-authenticate Defines the authentication method that should be used to gain access to a resource.
cache-control Details caching options in requests and responses
pragma Related to caching, may be implemented in different ways.
age Time in seconds resource has been in proxy cache
connection Controls network connection
cookie-security A small piece of data that a server sends to the users web browser.
expect-ct Reporting and enforcement of Certificate Transparency. Prevents the use of mis-issued certificates for the site. When enabled the Expect-CT header requests that Chrome checks certificates for the site appear in public CT logs.
timing-allow-origin specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
custom-headers Custom HTTP headers are commonly meant to provide additional information that may be pertinent to a web developer, or for troubleshooting purposes.
x-dns-prefetch-control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.
x-download-options Specific to IE8. Stops downloads opening directly in browser.
x-permitted-cross-domain-policies The X-Permitted-Cross-Domain-Policies header tells clients like Flash and Acrobat what cross-domain policies they can use.
report-to Header used for adding troubleshooting information
feature-policy provides a mechanism to allow and deny the use of browser features in its own frame, and in content within any iframe elements in the document.
permissions-policy The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features.
clear-site-data The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website.
content-type Denotes the type of media
cross-origin-resource-policy The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
nel An option for developers to set network error reporting.
cross-origin-embedder-policy The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.
cross-origin-opener-policy The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.
x-robots-tag Allows you to choose content search engines can crawl on the site


We Love to Listen to Your Requirements

If you have a design project you would like us to quote, please send us a message outlining your ideas. If we are able to take on your project, we will be in touch with details and any additional questions we may have in order to provide an accurate quote for your project.

Scroll to Top