Inspect a URL's HTTP/HTTPS response headers, redirect chain, and security configuration
• URL: enter a full URL (e.g. https://example.com); a bare domain starts from http:// so a redirect to HTTPS can be observed
• Shows the redirect chain hop by hop and never auto-follows to an untrusted target
• Parses security and performance configuration such as HSTS / CSP / compression / CDN
The HTTP header checker sends one real request to the target URL and returns every response header the server sends, the full redirect chain, and a parsed view of security headers (HSTS, CSP, X-Frame-Options) plus performance signals such as content compression and CDN usage.
Typical uses: confirm a site forces HTTP to HTTPS, verify that security headers are present, diagnose excessive or unexpected redirects, and check whether compression and a CDN are in place. The check runs server-side and re-validates each hop, so it never auto-follows to an untrusted target.
The status code, full redirect chain, and basic headers like Server, along with Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, plus Content-Encoding compression and CDN signals.
It means that starting from http://, the whole redirect chain never lands on https://. Configure a forced HTTP-to-HTTPS redirect on your server or CDN and enable HSTS to improve transport security.
HSTS lets browsers connect over HTTPS directly on later visits, lowering downgrade risk; CSP mitigates XSS and injection. Both are recommended; this tool flags whether they are set, and CSP is shown for reference only and does not count toward the optimization check.
The response carries no gzip/br compression header, or the headers show no common CDN fingerprint. Compression reduces transfer size, and a CDN improves access speed across regions while also providing HTTPS and security headers automatically.