HTTP Header Analyzer

Analyze HTTP response headers and check security headers. Paste raw headers to get a security score.

Tip: Use browser DevTools (Network tab) or curl -I URL to get headers


Security Audit

Check 10 critical security headers including HSTS, CSP, X-Frame-Options, and COOP.

Security Score

Get a weighted security score based on the presence and severity of security headers.

Header Categories

Filter headers by category: security, cache, CORS, and general headers.

How to Use the HTTP Header Analyzer

  1. Get HTTP headers using curl -I https://your-site.com or from browser DevTools (Network tab).
  2. Paste the raw headers into the input area and click Analyze.
  3. Review the Security Score and individual header checks with severity levels.
  4. Use the category filter to focus on security, cache, CORS, or general headers.
  5. Add missing critical headers to your server configuration to improve your security score.

Frequently Asked Questions

What are HTTP response headers?

HTTP response headers are metadata sent by the server along with the requested resource. They contain information about caching, content type, security policies, CORS settings, and more. Properly configured headers are essential for security and performance.

What are the most important security headers?

The most critical security headers are: Strict-Transport-Security (HSTS) to enforce HTTPS, Content-Security-Policy (CSP) to prevent XSS attacks, and X-Frame-Options to prevent clickjacking. Additional important headers include X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

How do I add security headers to my website?

Security headers are configured on the server side. In Nginx, use the add_header directive. In Apache, use the Header set directive. For Vercel/Netlify, configure headers in vercel.json or netlify.toml. For Express.js, use the helmet middleware package.

What is a good security header score?

A score of 80% or above is considered good, meaning most critical security headers are present. A score below 50% indicates significant security header gaps that should be addressed. Focus on implementing HSTS, CSP, and X-Frame-Options first as they provide the most protection.
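The kind of check described above can be reproduced offline. The following is an added example, not the analyzer's own code: it parses pasted curl -I output, checks the six headers named in this FAQ, and computes a weighted score. The weights, the HSTS minimum max-age, and the ok/weak/missing labels are assumptions made for illustration.

```python
import re

# Constructed sample, shaped like the output of `curl -I`.
SAMPLE = """HTTP/2 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=300
x-frame-options: DENY
x-content-type-options: nosniff
cache-control: no-store
"""

MIN_HSTS_AGE = 15552000  # assumed minimum: 180 days, in seconds

def parse_headers(raw):
    """Return {lowercased name: value}; lines without a colon (status line) are skipped."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        # Repeated headers are joined, as HTTP allows for list-valued fields.
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers

def hsts_ok(value):
    """A short max-age gives little protection; max-age=0 removes the HSTS entry."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_AGE

# header -> (assumed weight, validator for the header's value)
CHECKS = {
    "strict-transport-security": (3, hsts_ok),
    "content-security-policy": (3, lambda v: bool(v.strip())),
    "x-frame-options": (3, lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN")),
    "x-content-type-options": (2, lambda v: v.strip().lower() == "nosniff"),
    "referrer-policy": (1, lambda v: "unsafe-url" not in v.lower()),
    "permissions-policy": (1, lambda v: bool(v.strip())),
}

def audit(raw):
    """Return (score in percent, {header: 'ok' | 'weak' | 'missing'})."""
    headers = parse_headers(raw)
    findings, earned = {}, 0
    for name, (weight, valid) in CHECKS.items():
        if name not in headers:
            findings[name] = "missing"
        elif valid(headers[name]):
            findings[name], earned = "ok", earned + weight
        else:
            findings[name] = "weak"  # present, but the value does not protect
    total = sum(weight for weight, _ in CHECKS.values())
    return round(100 * earned / total), findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A header that is present with a weak value earns no points here, so a presence-only check would rate the sample higher than this one does.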
