HTTP Headers
Response headers and redirect chain for a URL.
Response headers for https://bagful.net
| (status) | HTTP/1.1 200 OK |
| Server | nginx |
| Date | Sun, 07 Jun 2026 23:10:21 GMT |
| Content-Type | text/html; charset=UTF-8 |
| Connection | close |
| Vary | Accept-Encoding | Accept-Encoding |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | 1; mode=block |
| Referrer-Policy | strict-origin-when-cross-origin |
About HTTP Headers
This tool sends a HEAD request to a URL, follows up to five redirects, and returns every response header from every hop in the chain. You see what content type is served, how caching is configured, which cookies the site sets, what server software identifies itself, and any custom headers. The HEAD method avoids downloading the body, so even large responses return in milliseconds.
When to use it
Check headers when a browser shows an unexpected redirect, since the chain reveals exactly which URLs the server visits. Use it to verify a CDN is in front of your origin by looking for CF-Ray, X-Served-By, or X-Cache headers. Web developers use it to confirm cache headers like Cache-Control and ETag are configured correctly for static assets, which directly affects page load performance.
How to read the results
Status codes 200 through 299 are success, 301 and 308 are permanent redirects, 302 and 307 are temporary. Cache-Control directives like max-age=3600 set browser cache duration. Strict-Transport-Security indicates HSTS is active. Server and X-Powered-By headers often reveal the stack, though security-conscious sites strip them. Set-Cookie lines show session and tracking cookies with their flags.
Frequently asked questions
Why are some headers shown as arrays? ▾
When a server sends the same header name multiple times, get_headers returns them as an array of values. This happens most often with Set-Cookie, Link, and Vary headers, where multiple distinct values are valid in one response.
What does a 200 status mean if my page is broken? ▾
A 200 response only means the server returned a response successfully. The body may still contain an error page rendered by the application. To check the actual page content, fetch the body, not just the headers.
How is HEAD different from GET? ▾
HEAD requests return only the headers, no body. The server processes the request identically to GET but truncates the response. Some applications handle HEAD poorly and return 405 errors, in which case the result will show the error.
Why is the Server header missing? ▾
Modern web servers and reverse proxies often hide or rewrite Server headers as a security measure, since the version disclosed could reveal known vulnerabilities. Nginx, Apache, and Cloudflare all support stripping the header in their configurations.