HTTP header checker

See exactly what headers a URL returns, including the security headers that protect your captive portal.

Check a URL's response headers

The request is made server-side from Purple, so headers reflect what an external client sees, not your own browser or network.

Why response headers matter

Response headers control caching, redirects, content type, and the security posture of a site. For captive portals and splash pages especially, a missing HSTS header or a strict Content-Security-Policy can be the difference between a clean sign-in and a broken one. This checker shows the full header set plus a checklist of the headers that matter most for security.

What you can spot

Missing HSTS, CSP, X-Frame-Options, and other security headers.
Unexpected redirects and the Location they point to.
Server software, caching directives, and content type.

Related WiFi tools

Securing captive-portal traffic?

Headers are one layer. Purple manages portal hosting, certificates, and HTTPS for you, so guest WiFi sign-in stays secure and consistent across every site.

Talk to a WiFi expert