HTTP Header Checker
Fetch any URL and see its raw HTTP response headers: status code, security headers (HSTS, CSP, X-Frame-Options), caching directives, server signature, and more. Useful for auditing your own site's security posture, debugging why a CDN cache isn't behaving as expected, or checking what a target actually returns before scraping it.
Proxy Checker
Paste your proxy list and get instant health diagnostics, geo info, and anonymity detection.
| Status | Proxy | Protocol | Exit IP | Country | Type | ASN | ISP | Latency | Flags |
|---|
Target URL Proxy Check NEW
Test proxies against a specific target URL. Find out which ones actually work for scraping your target, not just which ones are alive. Detects WAF blocks (Cloudflare, DataDome, Akamai, Imperva, PerimeterX) and CAPTCHAs.
| Status | Proxy | Protocol | HTTP | Latency | Block Reason |
|---|
Port Scanner
Scan any host for open ports. Checks 22 common service ports by default, or specify your own.
| Port | Status | Service | Latency |
|---|
Ping
Measure round-trip latency to any host. Returns min/avg/max and packet loss percentage.
My IP
See your public IP address, location, ISP, and whether you're detected as a proxy or datacenter.
IP Lookup
Look up geolocation, ISP, and metadata for any IP address.
Scrape Audit
Paste any URL to detect bot protection, CAPTCHA, JS rendering requirements, and get a scrapeability score.
Bot Protection
Signals
- No notable signals
Security Headers
DNS Lookup
Query A, AAAA, MX, TXT, NS, CNAME, and SOA records for any domain.
HTTP Headers
See the exact response headers a server sends. Essential for debugging scrapers and APIs.
Response Headers
SSL Certificate Checker
Inspect TLS certificates, check expiry dates, view the full certificate chain, and verify validity.
Subject Alternative Names (SANs)
Certificate Chain
Frequently asked questions
What security headers should a site have?
Common baseline headers are Strict-Transport-Security (HSTS), Content-Security-Policy, X-Content-Type-Options, and X-Frame-Options. Missing them isn't automatically a vulnerability, but they're cheap protections most production sites should have.
Why does the same URL return different headers each time?
Load balancers can route to different backend servers, CDNs can serve from different edge nodes with different cache states, and A/B tests or feature flags can alter headers per request. Some variance is normal.
What does a Set-Cookie header without Secure or HttpOnly mean?
It means the cookie can be read by JavaScript (no HttpOnly) and sent over plain HTTP (no Secure), which increases the risk of session hijacking via XSS or network interception. This is a common finding worth flagging in a security review.
Can I check headers for a site that requires login?
This tool checks headers for the URL as an anonymous request, so pages that redirect to a login screen will show the redirect's headers, not the authenticated page's headers.