HTTP Header Checkerとは?
An HTTP header checker shows you the exact response headers a server sends back for a URL — the metadata browsers act on but never display. Enter any address and this tool makes a live request and lists every header: status code, Content-Type, Cache-Control and ETag, the security headers (Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options), CORS headers (Access-Control-Allow-Origin), redirects, and server identity (Server, Set-Cookie). Use it as a header checker to audit a site's security posture, as an HTTP header tester to confirm a caching or CORS change deployed correctly, or to check the server headers of an API before you integrate. For example, checking https://example.com returns a 200 with its Content-Type and cache directives, so you can immediately see whether HSTS is present or a CSP is missing. It runs a real server-side request, so you see what a browser actually receives — not a cached guess.
HTTP Header Checkerの使い方
- Enter the full URL you want to inspect (include https://).
- Run the check to send a live request and read the response.
- Review the status code and every response header returned.
- Look for missing security headers (HSTS, CSP, X-Frame-Options).
- Copy the header list for an audit, ticket, or documentation.
よくある使用例
- Auditing a site's security headers (HSTS, CSP, X-Frame-Options)
- Testing that a caching or CORS header change deployed correctly
- Checking server headers of an API endpoint before integrating
よくある質問
- How do I check the HTTP headers of a website?
- Paste the site's URL and run the check. This HTTP header checker sends a live request and lists the full response — status code, content type, caching, security, and CORS headers — the same way a browser or curl -I would.
- What is the difference between checking and testing HTTP headers?
- They are the same task. Whether you call it a header checker, HTTP header tester, or 'check server headers', the goal is to see the raw response headers a server returns so you can verify security and caching behaviour.
- Which security headers should I look for?
- Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Content-Type-Options, X-Frame-Options, and Referrer-Policy. Missing ones are common, fixable weaknesses this checker highlights.
- Does it follow redirects?
- Yes. It reports the final response after following redirects, and you can see the status codes involved so you can spot redirect chains.