HTTP Headers Inspector
Every HTTP request your browser sends includes headers that reveal information about you - your browser, OS, language, referrer, and more. This tool shows exactly what your browser is sending.
Fetching your request headers…
What Are HTTP Headers?
HTTP headers are metadata fields sent with every web request and response. When you visit a website, your browser automatically includes headers that reveal your user agent, preferred language, accepted content types, referrer URL, and more. Servers use these headers to deliver the right content, but they can also be used to track and fingerprint you.
Why Are HTTP Headers a Privacy Concern?
Several headers leak personally identifiable information. TheUser-Agent header reveals your browser, operating system, and device type. TheAccept-Language header exposes your language preferences and potential nationality. Proxy headers like X-Forwarded-For can reveal your real IP address even behind a VPN if misconfigured.
How to Reduce Header Leakage
- Use a VPN that strips forwarding headers (X-Forwarded-For, X-Real-IP).
- Set a strict Referrer Policy in your browser to limit referer header data.
- Disable Client Hints in Chrome/Edge to reduce your fingerprint surface.
- Use Tor Browser, which sends minimal, uniform headers.
Learn more in our guide: Privacy Browser Settings.
Related Tools & Guides
- Browser Fingerprint Lab - see your full browser fingerprint, including canvas, WebGL, and audio signals.
- IP Lookup - check what IP address your headers expose to servers.
- WebRTC Leak Test - detect another common source of IP leaks alongside headers.
- Complete Guide to Online Anonymity - strategies for reducing your digital footprint.
Frequently Asked Questions
Can websites see all my HTTP headers?
Yes. Every server you connect to receives the full set of headers your browser sends. This includes your user agent, language, accepted content types, cookies, and any custom headers your extensions or VPN add.
What is the most dangerous header for privacy?
The X-Forwarded-For header is the most dangerous because it can expose your real IP address when a proxy or CDN is misconfigured. The Referer header is also risky because it reveals the previous page you visited.
Does using HTTPS hide my headers?
HTTPS encrypts your headers in transit, so third parties cannot read them. However, the destination server still receives all headers in plain text. HTTPS protects against interception, not against the server itself.