CalcChef
Search tools (e.g. 'calc', 'converter')... (Press '/' or 'Cmd+K')

HTTP Headers Viewer

View the HTTP headers your browser sends with requests. Analyze user-agent, accept-language, and other header fields.

Loading Tool...

Applications

Use the HTTP Headers Viewer to inspect exactly what your browser sends to any endpoint. Essential for debugging CORS issues, verifying custom headers, understanding CDN behavior, checking authentication header delivery, and auditing privacy-sensitive headers like User-Agent and Sec-Ch-Ua for fingerprinting exposure.

Sec-Fetch-* and Browser Security

The Sec-Fetch-* headers (Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest, Sec-Fetch-User) are part of the Fetch Metadata specification that helps servers distinguish genuine user navigation from cross-site request forgeries. Sec-Fetch-Site tells the server if the request originated from the same origin, same site, cross-site, or was user-initiated. These headers are automatically set by modern browsers and cannot be overridden by JavaScript, making them a powerful defense against CSRF attacks.

Fun Fact: The DNT (Do Not Track) header was introduced in 2009 but was deprecated in 2019 because most websites ignored it entirely. Its successor GPC (Global Privacy Control), introduced in 2020, has legal teeth — California's CPRA treats GPC signals as legally binding opt-out requests that businesses must honor.

Related Tools

View all tools