HTTP Headers Viewer for google.com

View all HTTP response headers returned by any URL.

Results for google.com
Checked: Jun 18, 2026 at 14:12 UTC
{
  "success": true,
  "url": "https:\/\/google.com",
  "status": 200,
  "headers": {
    "location": "https:\/\/www.google.com\/",
    "content-type": "text\/html; charset=ISO-8859-1",
    "content-security-policy-report-only": "object-src 'none';base-uri 'self';script-src 'nonce-Ah08HwuVktPi3OIc7-0KuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https:\/\/csp.withgoogle.com\/csp\/gws\/other-hp",
    "date": "Thu, 18 Jun 2026 14:12:02 GMT",
    "expires": "-1",
    "cache-control": "private, max-age=0",
    "server": "gws",
    "content-length": "220",
    "x-xss-protection": "0",
    "x-frame-options": "SAMEORIGIN",
    "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000",
    "accept-ch": "Sec-CH-Prefers-Color-Scheme",
    "p3p": "CP=\"This is not a P3P policy! See g.co\/p3phelp for more info.\"",
    "set-cookie": "__Secure-BUCKET=CMEC; expires=Tue, 15-Dec-2026 14:12:02 GMT; path=\/; domain=.google.com; Secure; HttpOnly",
    "accept-ranges": "none",
    "vary": "Accept-Encoding"
  }
}

What is HTTP Headers Viewer?

HTTP Headers Viewer displays all response headers returned by any URL. Headers control caching, security, content type, redirects, and more. The tool is essential for debugging server configuration and verifying that security headers are properly set.

How to use this tool

  1. Enter the URL to inspect.
  2. Click Check to send a request and capture response headers.
  3. Review each header and its value.
  4. Check for security headers such as HSTS, CSP, and X-Frame-Options.
  5. Verify caching headers (Cache-Control, Expires) are set correctly.

Frequently asked questions

What are the most important security headers?
Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Content-Type-Options, X-Frame-Options, and Referrer-Policy. These protect against XSS, clickjacking, and MIME-type attacks.

What does Cache-Control do?
It tells browsers and CDNs how long to cache the response. max-age=3600 means cache for one hour. no-cache means revalidate every time. Proper caching dramatically improves page speed.

What is HSTS?
HTTP Strict Transport Security forces browsers to always use HTTPS for your domain. Once it is set, even typing http:// loads the site over HTTPS. Use a max-age of at least 31536000 (one year).

How do I add security headers?
In Nginx, use the add_header directive. In Apache, use Header set in .htaccess. In Caddy, use the header directive. Most CDNs, such as Cloudflare, also let you set headers in their dashboard.
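
As an added example (not part of this tool or its output), the following Python script audits a result in the JSON shape shown above against the five headers named in the FAQ and the one-year HSTS minimum. The function name, finding strings, and the second sample are assumptions made for illustration; the first sample is abridged from the google.com result on this page.

```python
import json
import re

# Headers the FAQ above names as most important (lowercase, as in the tool's JSON).
REQUIRED = ["strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options", "referrer-policy"]
MIN_HSTS_AGE = 31536000  # one year, the minimum the FAQ recommends


def audit(result_json):
    """Return sorted findings for one viewer result given as JSON text."""
    headers = {k.lower(): v for k, v in json.loads(result_json)["headers"].items()}
    findings = [f"missing: {name}" for name in REQUIRED if name not in headers]
    # A report-only CSP reports violations but blocks nothing.
    if ("content-security-policy" not in headers
            and "content-security-policy-report-only" in headers):
        findings.append("csp: report-only policy present, nothing enforced")
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
        if m is None:
            findings.append("hsts: no max-age directive")
        elif int(m.group(1)) < MIN_HSTS_AGE:
            findings.append(f"hsts: max-age {m.group(1)} below {MIN_HSTS_AGE}")
    xfo = headers.get("x-frame-options", "").strip().upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"x-frame-options: unrecognised value {xfo}")
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append("x-content-type-options: value is not nosniff")
    return sorted(findings)


# Abridged from the google.com result shown above.
GOOGLE = json.dumps({"success": True, "status": 200, "headers": {
    "content-security-policy-report-only": "object-src 'none';base-uri 'self'",
    "x-xss-protection": "0", "x-frame-options": "SAMEORIGIN"}})

# Constructed sample: short HSTS lifetime and an invalid framing value.
WEAK = json.dumps({"headers": {
    "Strict-Transport-Security": "max-age=3600; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff", "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "no-referrer"}})

if __name__ == "__main__":
    for label, doc in (("google.com", GOOGLE), ("constructed", WEAK)):
        print(label, audit(doc))
```

Header names are lowercased before comparison because HTTP header names are case-insensitive and servers vary in how they capitalise them.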
