~/ curl -sI https://…

HTTP Header Checker

Inspect the HTTP response headers of any public site: security-header grade, cookie flags, caching policy and the full redirect chain. Only the headers are fetched — never the page body.

What the grade means

The grade counts the six core security headers every production site should send: Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options (or CSP frame-ancestors), Referrer-Policy and Permissions-Policy. All six present is an A; each missing header drops one letter, and a site served over plain HTTP is capped at D. The grade measures header hygiene, not overall security — a site can score an A and still be vulnerable elsewhere.
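The grading rule above, written out as an added Python example (not the tool's own code). Assumptions: the letter scale runs A through F with F as the floor when all six headers are missing, and the input is the raw header block of the final response as curl -sI prints it; the sample response is constructed.

```python
# Constructed sample: raw header block of one response, as `curl -sI` prints it.
SAMPLE = """HTTP/2 200
strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy: default-src 'self'; frame-ancestors 'none'
x-content-type-options: nosniff
referrer-policy: no-referrer
"""

CORE = ("strict-transport-security", "content-security-policy",
        "x-content-type-options", "x-frame-options",
        "referrer-policy", "permissions-policy")
LETTERS = "ABCDEF"  # assumption: one letter per missing header, floor at F


def parse_headers(raw):
    """Return {lowercased name: value}; repeated headers are comma-joined."""
    headers = {}
    for line in raw.splitlines()[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            key, value = name.strip().lower(), value.strip()
            headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def has_frame_ancestors(csp):
    """True if any policy in the CSP value carries a frame-ancestors directive."""
    for policy in csp.lower().split(","):
        for directive in policy.split(";"):
            if directive.split()[:1] == ["frame-ancestors"]:
                return True
    return False


def grade(raw, scheme="https"):
    """Return (letter, missing core headers) for one response."""
    headers = parse_headers(raw)
    missing = []
    for name in CORE:
        present = name in headers
        if name == "x-frame-options" and not present:
            # CSP frame-ancestors counts in place of X-Frame-Options.
            present = has_frame_ancestors(headers.get("content-security-policy", ""))
        if not present:
            missing.append(name)
    index = min(len(missing), len(LETTERS) - 1)
    if scheme == "http":  # plain HTTP is capped at D
        index = max(index, LETTERS.index("D"))
    return LETTERS[index], missing
```

In CI, fail the job when the returned letter is worse than the threshold you set, and print the missing list so the proxy configuration can be fixed.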

API

The same check is available as a public JSON endpoint, useful in CI to catch a misconfigured reverse proxy before your users do:

curl 'https://myconf.it/api/headers?url=example.com'
curl 'https://myconf.it/api/headers.md?url=example.com'

Only the status line and response headers are fetched and returned — never the body — with at most 5 redirects followed and standard ports only. See the API docs for the response envelope.
