DevTab

HTTP Header Analyzer

Never leaves your browser

Analyze response header parameters and audit security header compliance.

Raw Response Headers Input

Loading...

Headers Security Audit

Security Score50% Compliance
3 of 6 secure headers set

Parsed Headers Directory

permissions-policymissing

Not set

Missing. Permissions policy helps enforce feature isolation.

strict-transport-securitymissing

Not set

Missing. Risk of SSL stripping / connection hijack.

x-content-type-optionsmissing

Not set

Missing. Risk of script execution from sniffed resources.

cache-controlinfo

public, max-age=3600

Specifies caching mechanisms for requests and responses.

content-encodinginfo

gzip

Specifies the compression algorithm used on the body (gzip, br, etc.).

content-security-policygood

default-src 'self' https:;

Prevents XSS, clickjacking, and code injection by controlling approved sources.

content-typeinfo

text/html; charset=UTF-8

Indicates the media type of the resource (MIME type).

dateinfo

Wed, 08 Jul 2026 22:45:00 GMT

The date and time at which the message was originated.

referrer-policygood

strict-origin-when-cross-origin

Controls how much referrer info is sent when navigating away from the page.

serverinfo

cloudflare

Identifies the software used by the originating server.

x-frame-optionsgood

SAMEORIGIN

Prevents clickjacking attacks by blocking the page from loading in frames or iframes.

11 linesAudit: 50% secure