What Your Server Is Telling Browsers (And You’re Probably Not Checking)
Every time someone loads your page, your server sends back a bunch of headers alongside the HTML. Most people never look at them. But those headers control caching (is your CSS being cached for 5 seconds or 5 days?), security (is HSTS enabled? what about CSP?), and SEO (is an X-Robots-Tag accidentally blocking Google from indexing your page?).
Enter a URL and this tool sends a HEAD request, then displays every response header in a clean table. It’s basically curl -I but without opening a terminal.
What to Look For
SEO headers. An X-Robots-Tag set to noindex will keep your page out of Google’s index, and it’s easy to leave this on accidentally after a staging deployment. The Link header might contain a rel=canonical directive. Content-Type should include the right charset (usually UTF-8).
Security headers. Strict-Transport-Security (HSTS) forces HTTPS connections. Content-Security-Policy limits what scripts and resources can run. X-Frame-Options prevents clickjacking. X-Content-Type-Options stops MIME sniffing. If any of these are missing, you’ve got gaps in your security posture.
Caching headers. Cache-Control tells browsers and CDNs how long to cache your content. max-age=3600 means one hour. max-age=0, no-store means never cache. Getting this wrong either hammers your server with unnecessary requests or serves stale content to users.
CDN debugging. Cloudflare adds cf-ray headers. CloudFront adds x-amz-cf-id. These help you verify whether your CDN is actually serving requests or being bypassed.
Common Audit Scenarios
You just deployed to production and your CSS changes aren’t showing up, check Cache-Control. Your staging site got indexed by Google, check for a missing X-Robots-Tag. Your site got flagged for clickjacking vulnerability, check X-Frame-Options and CSP.
The tool requires a backend because browsers can’t make arbitrary HEAD requests to other domains (CORS restrictions). It shows response headers only, not request headers. For following redirect chains, use the Redirect Checker. For performance analysis, the Page Speed Checker covers Core Web Vitals.