HTTP Response Checker

View the full HTTP response headers for any URL — status code, server, cache-control, content-type, and more.

Frequently Asked Questions

Common questions about the HTTP Response Checker tool.

They describe the response: content type, length, encoding, cache rules, cookies, security headers, and custom application headers. Every browser and crawler reads them before the body.

Cache-Control (HTTP/1.1) is newer and more expressive: you can set public/private, max-age, must-revalidate, immutable, etc. Expires (HTTP/1.0) is a simple absolute timestamp. Cache-Control overrides Expires when both are present.

Hiding or customising the Server header (e.g. `Server: nginx` → `Server: secure`) is a very weak form of security-through-obscurity. It doesn't stop targeted attackers, but it slightly reduces drive-by scanner hits.

`Cache-Control: public, max-age=31536000, immutable` for fingerprinted assets (e.g. `app.a1b2c3.js`). For un-fingerprinted static files, use a shorter max-age (300-3600s) with `must-revalidate`.

More Free Tools

SSL Certificate Checker

Security Headers Scanner

Blacklist / DNSBL Check

HTTP Response Checker

Results

Frequently Asked Questions

What are HTTP response headers used for?

What's the difference between Cache-Control and Expires?

Why is the Server header often hidden?

What's a good Cache-Control for static assets?

More Free Tools