
HTTP Header Analyzer

Check the HTTP response headers of any URL. Highlights missing security headers.

How to use this tool

  1. Type a public hostname or URL (for example example.com or https://example.com) into the input box.

  2. Press Analyze. The tool's server sends a GET request to that host over HTTPS, falling back to HTTP if needed.

  3. Read the yellow 'Missing security headers' panel to see which of the nine tracked headers are absent.

  4. Scroll the 'All headers' list to inspect every header the server actually returned, value by value.

What is an HTTP header analyzer?

HTTP response headers carry metadata about every response: caching rules, security policies, content type and server identification. Modern web security relies on headers such as Strict-Transport-Security (HSTS), Content-Security-Policy (CSP) and X-Frame-Options. This tool fetches a URL and shows all of its response headers, plus a list of recommended security headers that are missing.

Common use cases

  • Confirm a freshly deployed site is sending HSTS and a Content-Security-Policy before you announce launch.

  • Spot-check a competitor's or vendor's public domain to see how their security header posture compares to yours.

  • Verify that a CDN or reverse-proxy change (Cloudflare, Fastly, nginx) is actually adding the headers you configured at the edge.

  • Quickly read Cache-Control, ETag, and Content-Type on a production response when debugging a caching or MIME-type bug.

  • Check whether a redirect chain ends on HTTPS and what the final hop's headers look like, since the tool follows up to five redirects.

  • Hand a developer a concrete list of missing headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy) to add to their server config.

Frequently asked questions

Which security headers should I have?
Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy. All of them appear in the report.
Is X-Powered-By dangerous?
It leaks server information. Hide it in your framework configuration to make reconnaissance harder.
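As an added example (not the tool's own code), a small Python checker that does what this page describes: it GETs a URL over HTTPS with HTTP fallback, follows up to five redirects, and reports which recommended headers are missing and whether a stack-revealing header such as X-Powered-By is exposed. Assumptions: the check list is the six headers named in the FAQ (the tool itself tracks nine, and the other three are not named on this page), and the sample response is constructed for the self-check.

```python
import sys
from urllib.error import HTTPError, URLError
from urllib.request import HTTPRedirectHandler, Request, urlopen

# Check list: the six headers the FAQ names (assumption: a subset of the tool's nine tracked headers).
RECOMMENDED = ("Strict-Transport-Security", "Content-Security-Policy", "X-Content-Type-Options",
               "X-Frame-Options", "Referrer-Policy", "Permissions-Policy")
DISCLOSING = ("X-Powered-By", "Server")  # flagged when present: they reveal the server stack
# Constructed sample response head (not a real capture) used for an offline self-check.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                   "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
                   "X-Content-Type-Options: nosniff\r\nX-Powered-By: Express\r\n\r\n<html></html>")

def parse_headers(raw):
    """Split a raw response head into (status line, {lower-cased name: value}); stops at the blank line."""
    status, _, rest = raw.partition("\r\n")
    headers = {}
    for line in rest.split("\r\n"):
        if not line.strip():
            break  # blank line ends the header block; anything after it is body
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def analyze(headers):
    """Return (missing recommended headers in check-list order, {disclosing header: value} found)."""
    present = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    missing = [h for h in RECOMMENDED if h.lower() not in present]
    disclosed = {h: present[h.lower()] for h in DISCLOSING if h.lower() in present}
    return missing, disclosed

def fetch_headers(url, max_redirects=5):
    """GET the URL over HTTPS, fall back to HTTP on connection failure, follow up to max_redirects hops."""
    if "://" not in url:
        url = "https://" + url
    HTTPRedirectHandler.max_redirections = max_redirects  # urllib's redirect limit is a class attribute
    try:
        with urlopen(Request(url, headers={"User-Agent": "header-check/0.1"}), timeout=10) as resp:
            return resp.geturl(), dict(resp.headers)
    except HTTPError as err:  # 4xx/5xx responses still carry headers worth analysing
        return err.geturl(), dict(err.headers)
    except URLError:
        if url.startswith("https://"):  # TLS or connection failure: retry over plain HTTP, as the tool does
            return fetch_headers("http://" + url[len("https://"):], max_redirects)
        raise

if __name__ == "__main__":  # usage: python check_headers.py example.com
    final_url, hdrs = fetch_headers(sys.argv[1])
    print(final_url, *analyze(hdrs))
```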
