Loading…
Loading…
HTTP headers checker
Fetch HTTP response headers for any URL and get a security header analysis — checking for HSTS, Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer Policy, and HTTPS status.
Last reviewed
June 23, 2026
Before launching a web application, run the URL through the headers checker to confirm HTTPS is active, HSTS is set, Content Security Policy is present, and X-Frame-Options prevents clickjacking from unknown origins.
The tool sends a request to the target URL through the DevTool House API service and returns the response status, headers, and a weighted security score based on the presence and configuration of key security headers.
The request is sent from the DevTool House API service, so the target server sees a request from this service rather than your IP. Do not check URLs that require authenticated sessions or private API endpoints.
The tool checks publicly accessible URLs. It cannot inspect headers behind authentication, on internal networks, or from APIs that block external requests. Header values are reported but not deeply analysed for correctness of each policy directive.