HTTP header checker
View the final HTTP status, every response header we see, and a focused view of common security headers after redirects.
What an HTTP header check is for
Response headers tell clients and crawlers how to cache content, enforce HTTPS, mitigate clickjacking, declare a content security policy, and more. Security reviews, launch checklists, and “why is the CDN doing X?” threads almost always start with the header list.
People (and LLMs helping them) often ask: “What status code did we get after redirects?” “Is HSTS or CSP present?” “Which server or cache layer added this header?” This surfaces the full header set plus a short security-oriented highlight panel.
Pair it with the SSL checker when you are validating a new deployment or comparing staging vs production behavior.
How this tool works
Short technical summary of what runs on our servers when you click the button.
We try HEAD to avoid downloading bodies, then fall back to GET when the origin only allows GET. Redirects are followed manually with the same host safety checks as our other URL tools.
You see the last hop’s status and headers—the ones that matter for “what the client ultimately receives” after a redirect chain.
Only http/https URLs to publicly reachable hosts are allowed. Private addresses and metadata endpoints are rejected.
More BuildSpace tools
All utilities run from our infrastructure with the same safety limits. No account required.
- Site statusSee if a URL responds from our servers—outage vs. local issue.
- DNS lookupA, AAAA, MX, CNAME, TXT, and NS records for a domain.
- SSL certificate checkerCertificate subject, issuer, validity, fingerprint, and SANs.
- Ping & response timeThree-run DNS, TCP, and HTTP timing breakdown (no ICMP).
- WHOIS (RDAP)Registrar and registration data via RDAP where available.
- Website speed testTTFB, sampled bytes, Content-Length, and encoding hints.
- Open port checkerTCP connect test to a host and port from our network.