Utilumo
LightDarkSystem

HTTP Header Inspector

Paste HTTP response headers, inspect security and privacy headers, and copy a local audit summary.

Header inspector workspace

Paste headers for the audit, or generate a local cURL command when you need to collect headers first.

Header inspection workflow

Response headers

Output

Score: 100Headers: 6Passed: 6Warnings: 0Missing: 0Status: 200

Headers inspected live

6 checks passed. Paste updated headers to refresh the audit.

Content-Security-Policy

Pass

CSP is present. Check sources before tightening further.

Strict-Transport-Security

Pass

HSTS is present. Confirm all subdomains are HTTPS before preload.

X-Content-Type-Options

Pass

nosniff is enabled.

Referrer-Policy

Pass

Referrer policy is present.

Permissions-Policy

Pass

Permissions policy is present.

X-Frame-Options / frame-ancestors

Pass

Frame protection is present.

Files are processed in your browser. No data is uploaded.

Questions

Does this tool fetch my URL?

No. Browser security rules make direct header fetching unreliable. The tool gives you a cURL command and inspects the headers you paste locally.

Which headers does it check?

It checks CSP, HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and frame protection via X-Frame-Options or CSP frame-ancestors.

Is the score a security guarantee?

No. The score is a practical checklist signal, not a full security audit. Important sites should still be reviewed carefully.

Does Utilumo upload my input?

No. This tool is designed for local browser processing and does not send your input to a server.

Do I need an account?

No. Utilumo tools are built to work without accounts or sign-in.