Question 1

Is this HTTP header checker really free?

Accepted Answer

Yes. No sign-up, no limits. Check as many URLs as you want, completely free on Linkrify.

Question 2

What are HTTP response headers?

Accepted Answer

HTTP headers are metadata sent between a browser and a web server with every request and response. Response headers are what the server sends back to the browser — they control caching, security policies, content type, and server information. This tool shows you all response headers for any URL you enter.

Question 3

What is the difference between request headers and response headers?

Accepted Answer

Request headers are sent by the browser to the server — they include things like the Accept-Language and User-Agent. Response headers are sent by the server back to the browser — they include Cache-Control, Content-Type, security headers, and server information. This HTTP header checker shows response headers.

Question 4

What security headers should every website have?

Accepted Answer

Every website should have at minimum: Strict-Transport-Security (HSTS) with max-age=31536000 to enforce HTTPS, X-Frame-Options set to SAMEORIGIN to prevent clickjacking, and X-Content-Type-Options set to nosniff to prevent MIME sniffing attacks. Content-Security-Policy (CSP) is also strongly recommended to prevent cross-site scripting (XSS) attacks.

Question 5

Why does my site show a 'Server: nginx' or 'Server: Apache' header?

Accepted Answer

The Server header reveals your web server software and version to anyone who looks. This is a security risk because attackers can use that information to target known vulnerabilities. Remove or obfuscate it — on Apache use 'Header unset Server', on Nginx use 'server_tokens off', and on Cloudflare toggle it under Speed > Optimization.

Question 6

What is a good Cache-Control header value?

Accepted Answer

It depends on the resource type. For static assets like images, CSS, and JS files, use max-age=31536000 (one year). For HTML pages, use max-age=3600 (one hour). For dynamic or user-specific content, use no-cache so the browser always revalidates with the server before serving a cached version.

Question 7

How do I remove the Server header from HTTP responses?

Accepted Answer

On Apache, add 'Header unset Server' to your .htaccess or server config. On Nginx, add 'server_tokens off' to your nginx.conf. If you use Cloudflare, you can toggle server header removal under Speed > Optimization settings.

Question 8

What is Content-Security-Policy and do I need it?

Accepted Answer

Content-Security-Policy (CSP) is a security header that tells the browser which sources of scripts, styles, and other resources are allowed to load on your page. It is one of the most effective defenses against cross-site scripting (XSS) attacks. Start with Content-Security-Policy-Report-Only to monitor without blocking, then switch to enforcement once you've confirmed no legitimate sources are blocked.

Question 9

Can I use this HTTP header checker to debug API endpoints?

Accepted Answer

Yes. Enter any API endpoint URL and check that the Content-Type is returning application/json, verify CORS headers like Access-Control-Allow-Origin are set correctly, and confirm that no unnecessary server information is being exposed in the response headers.

Question 10

What HTTP headers affect SEO?

Accepted Answer

Several headers directly affect SEO. The Link header with rel=canonical tells search engines the preferred version of a URL. X-Robots-Tag can block search engines from indexing a page, similar to a meta robots tag. Cache-Control affects how quickly updated content is crawled and refreshed by search engines. Content-Type signals the format of your content to crawlers.

Free HTTP Header Checker — View Response Headers for Any URL

What Are HTTP Headers?

Headers That Matter

SEO Headers

Security Headers

⚠️ Headers to fix immediately

Frequently Asked Questions

Inspect Your Headers, Secure Your Site