HTTP Header Inspector
Paste HTTP response headers, inspect security and privacy headers, and copy a local audit summary.
Header inspector workspace
Paste headers for the audit, or generate a local cURL command when you need to collect headers first.
Response headers
Output
Headers inspected live
6 checks passed. Paste updated headers to refresh the audit.
Content-Security-Policy
PassCSP is present. Check sources before tightening further.
Strict-Transport-Security
PassHSTS is present. Confirm all subdomains are HTTPS before preload.
X-Content-Type-Options
Passnosniff is enabled.
Referrer-Policy
PassReferrer policy is present.
Permissions-Policy
PassPermissions policy is present.
X-Frame-Options / frame-ancestors
PassFrame protection is present.
Questions
Does this tool fetch my URL?
No. Browser security rules make direct header fetching unreliable. The tool gives you a cURL command and inspects the headers you paste locally.
Which headers does it check?
It checks CSP, HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and frame protection via X-Frame-Options or CSP frame-ancestors.
Is the score a security guarantee?
No. The score is a practical checklist signal, not a full security audit. Important sites should still be reviewed carefully.
Does Utilumo upload my input?
No. This tool is designed for local browser processing and does not send your input to a server.
Do I need an account?
No. Utilumo tools are built to work without accounts or sign-in.