Enter a website URL below to fetch its HTTP response headers. This helps security testers and developers verify configurations like CORS, CSP, and HSTS. This tool runs in your browser only. Because of browser security (CORS, mixed-content), results may be **inconclusive** for some targets — the UI will explain when that happens.