Tools
HTTP Headers Checker
Check common website response headers such as redirects, server response, security headers and caching details.
This checker requests a URL server-side (headers only — the page body is never read) and reports the status code, any redirect chain, the response headers and whether common security headers are present. Set-Cookie values are always hidden.
Education Host runs your check for this request only. It is not stored in a database by this tool, although normal server and security logs may record requests like any other website.
What are HTTP headers?
HTTP headers are the metadata a web server sends alongside every response — before any page content. They tell the browser what kind of content is coming, how long to cache it, where to redirect, which cookies to set and which security rules to enforce.
Reading them is often the fastest way to understand what a website or hosting platform is actually doing.
What response headers cover
- Status code — how the server handled the request
- Content and caching headers — what is served and for how long
- Redirect headers — where the browser is sent next
- Security headers — protections the browser is told to enforce
Why headers matter for hosting and security
Headers are where many hosting and website issues show up first: a redirect loop, a caching rule that keeps serving stale content, a missing HTTPS upgrade or a misbehaving plugin identifying itself in every response.
- Confirm http-to-https and www redirects after a hosting change
- See caching behaviour (Cache-Control, ETag) when content will not update
- Spot server and platform details a site is advertising
- Check security headers as part of a website review
- Verify a CDN or proxy is actually in front of the site
Common security headers
The six headers this tool checks for, and what each asks the browser to do.
Tells browsers to only ever use HTTPS for this site
Restricts where scripts, styles and other content may load from
Controls whether the site may be embedded in frames (clickjacking protection)
Stops browsers guessing content types (nosniff)
Controls how much referrer information is shared with other sites
Limits which browser features (camera, geolocation, …) pages may use
Redirects and caching in brief
Redirects (301, 302, 307, 308) send the browser to a different URL — the classic examples are upgrading http to https and settling the www question. Chains of redirects slow every visit, so shorter is better, and this checker shows each hop it followed (up to five).
Caching headers such as Cache-Control, Expires, ETag and Last-Modified decide how long browsers and CDNs reuse a response. When a website "will not update", these headers are usually the first place to look.
Related tools
Part of a growing set of free Education Host checks.
IP Address Checker
See the public IP address your browser is using to reach this website.
Check your IP addressDNS Checker
Check DNS records for a domain, from A and MX to TXT, CAA and PTR.
Check DNS recordsBlacklist Checker
Check whether an IP address appears on common DNS-based email blacklists.
Check blacklist statusIP Lookup
Look up technical details for an IP address, including classification and reverse DNS.
Look up an IP addressDMARC Checker
Check whether a domain has a DMARC record and review the published policy.
Check a DMARC recordWhois Lookup
Look up public domain registration information where available.
Run a Whois lookupHTTP headers checker — frequently asked questions
Answers to common questions about HTTP headers, redirects and security headers.
- What are HTTP headers?
- HTTP headers are metadata a web server sends with every response — covering content type, caching, cookies, redirects and security instructions for the browser.
- What does an HTTP status code mean?
- The status code summarises how the server handled the request: 200 means success, 301 and 302 redirect elsewhere, 404 means not found, and 500-range codes are server errors.
- What is a redirect?
- A redirect is a response (usually 301 or 302) that sends the browser to a different URL — for example from http to https, or from www to a non-www address. This checker shows the chain of redirects it followed.
- What are security headers?
- Security headers such as Strict-Transport-Security and Content-Security-Policy instruct browsers to enforce protections like HTTPS-only access and script restrictions. This tool checks whether the common ones are present.
- Does missing a security header mean my site is insecure?
- No. A missing header is not automatically a vulnerability, and having every header does not guarantee a site is secure. Treat the checklist as a useful starting point for a proper review.
- Why is Set-Cookie hidden?
- Cookie values can contain session identifiers and other sensitive data, so the tool reports that a Set-Cookie header is present but never displays its value.
- Can Education Host help review website headers?
- Yes. Education Host manages hosting and websites for education organisations, and can help review headers, redirects, caching and security configuration.
- Does Education Host store header checks?
- This tool runs your check for the current request and does not store it in a database. Normal server and security logs may record requests like any other website.
