HTTP headers lookup
What is an HTTP Headers Lookup?
An HTTP Headers Lookup retrieves all the response headers returned by a web server when a GET request is made to a URL. HTTP headers carry essential metadata about the response, including caching directives, security policies, content type, and server configuration details.
Key Headers to Look For
- Content-Type — Specifies the media type of the response (e.g., text/html, application/json), telling the browser how to interpret the content.
- Cache-Control — Defines caching policies that determine how long browsers and CDNs should store the response before requesting a fresh copy.
- Strict-Transport-Security (HSTS) — Forces browsers to only connect via HTTPS, preventing downgrade attacks and insecure connections.
- Content-Security-Policy (CSP) — Restricts which resources the page can load, providing protection against cross-site scripting (XSS) attacks.
- X-Frame-Options — Prevents the page from being embedded in iframes on other sites, protecting against clickjacking attacks.
- Server — Identifies the web server software (e.g., nginx, Apache, Cloudflare), though many sites suppress this value to avoid disclosing what software they run.
- X-Content-Type-Options — Prevents browsers from MIME-type sniffing, reducing the risk of content-type-based attacks.
Why Check HTTP Headers?
HTTP headers reveal how well a website is configured for security, performance, and compatibility. Missing security headers leave websites vulnerable to common attacks, while improper caching headers can cause performance issues or stale content. Regular header audits are a best practice for maintaining a secure and performant web presence.
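A header audit of the kind described above can be scripted. The following is an added example, not code from this lookup tool: it parses a constructed response header block and reports findings for the security headers listed earlier. The function names, the sample response, and the 180-day HSTS threshold are assumptions made for illustration.

```python
import re

# Constructed sample response headers (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
Strict-Transport-Security: max-age=300
Server: nginx/1.18.0
X-Frame-Options: ALLOW-FROM https://partner.example
"""

MIN_HSTS_AGE = 15552000  # assumption: 180 days as the audit threshold

def parse_headers(raw):
    """Parse a raw header block into {lowercased-name: value}; skips the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(headers):
    """Return a sorted list of findings for the security headers listed above."""
    findings = []
    hsts = headers.get("strict-transport-security")
    m = re.search(r'max-age="?(\d+)', hsts or "", re.I)
    if hsts is None:
        findings.append("hsts: missing")
    elif not m or int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("hsts: max-age absent or below threshold")
    csp = headers.get("content-security-policy", "")
    if not csp:
        findings.append("csp: missing")
    # Framing is covered by X-Frame-Options DENY/SAMEORIGIN or CSP frame-ancestors;
    # the obsolete ALLOW-FROM value is ignored by modern browsers.
    xfo = headers.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        findings.append("framing: no effective X-Frame-Options or frame-ancestors")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: not set to nosniff")
    # A Server value such as "nginx/1.18.0" discloses the exact version.
    if re.search(r"/\d", headers.get("server", "")):
        findings.append("server: discloses version")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_headers(SAMPLE)):
        print(finding)
```
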