HTTP Security Headers Checker

Check a website's HTTP security headers, redirect chain, and common browser protection settings.

Check a URL

Enter a public HTTP or HTTPS URL. The checker follows redirects and reviews the final response headers.

How to use this HTTP security headers checker

  1. Enter the public URL you want to inspect.
  2. Review the redirect chain to confirm the final page is the one you expected.
  3. Use the header checks to find missing browser protections.
  4. Copy the header names into your web server, CDN, framework, or hosting configuration.

HTTP Security Headers Checker features

  • Follow redirects and show the final URL that was checked.
  • Check HSTS, CSP, frame protection, MIME sniffing, referrer policy, permissions policy, and opener policy.
  • Prioritize failed, warning, and passing checks so the most important fixes appear first.
  • Explain what each header does, why it matters, and how to fix it.
  • Display the raw final response headers for troubleshooting.

Why security headers matter

HTTP security headers tell browsers how to handle scripts, frames, MIME types, referrer data, HTTPS enforcement, and cross-origin windows. They do not replace secure application code, but they add browser-level guardrails around common web risks.

How the checker works

The checker follows up to five redirects, evaluates the final response headers, and reports missing, report-only, or unexpected values without crawling the whole site.
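
An added example (not the checker's own code) of the header evaluation described above, applied to constructed final response headers and sorted so failures come first. The name `evaluate`, the sample headers, and the fail/warn/pass severity given to each case are assumptions; redirect following is left out so the example runs offline.

```python
import re

# Severity levels here are assumptions for illustration, not the checker's own rules.
ORDER = {"fail": 0, "warn": 1, "pass": 2}
# Constructed sample of final response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=0",
    "Content-Security-Policy-Report-Only": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}

def evaluate(raw_headers):
    """Return (status, check, note) tuples, most urgent first."""
    h = {k.lower(): v.strip() for k, v in raw_headers.items()}  # names are case-insensitive
    out = []
    hsts = h.get("strict-transport-security")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        out.append(("fail", "HSTS", "missing"))
    elif not m or int(m.group(1)) == 0:
        out.append(("warn", "HSTS", "max-age absent or 0, so no policy is in effect"))
    else:
        out.append(("pass", "HSTS", hsts))
    csp = h.get("content-security-policy")
    if csp:
        out.append(("pass", "CSP", "enforced"))
    elif "content-security-policy-report-only" in h:
        out.append(("warn", "CSP", "report-only: violations are reported, not blocked"))
    else:
        out.append(("fail", "CSP", "missing"))
    # Only an enforced CSP counts for frame-ancestors; report-only does not block framing.
    xfo = h.get("x-frame-options", "").upper()
    framed = xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in (csp or "").lower()
    out.append(("pass" if framed else "fail", "Frame protection", xfo or "no XFO header"))
    simple = [  # (header, label, predicate for an acceptable value)
        ("x-content-type-options", "MIME sniffing", lambda v: v == "nosniff"),
        ("referrer-policy", "Referrer policy", lambda v: v != "unsafe-url"),
        ("permissions-policy", "Permissions policy", lambda v: True),
        ("cross-origin-opener-policy", "Opener policy", lambda v: v != "unsafe-none"),
    ]
    for name, label, ok in simple:
        v = h.get(name)
        if v is None:
            out.append(("warn", label, "missing"))
        elif ok(v.lower()):
            out.append(("pass", label, v))
        else:
            out.append(("warn", label, "unexpected value: " + v))
    return sorted(out, key=lambda r: ORDER[r[0]])
```

For the constructed sample, the missing frame protection sorts first, the report-only CSP and `max-age=0` HSTS appear as warnings, and `nosniff` is the only passing check.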

HTTP security headers FAQ

Which URL should I check?
Check the exact page visitors use, such as your homepage, login page, app dashboard, or checkout flow. Headers can vary by path and subdomain.

Does a passing result mean my site is secure?
No. Security headers are one layer. A site can have good headers and still have application, dependency, authentication, or authorization issues.

Why was my URL blocked?
Only public websites can be checked. Local, private-network, and reserved addresses are blocked, so use the public production or staging URL instead.