HTTP Headers

What your browser is actually sending

Every HTTP request your browser makes carries a stack of headers. Below: the ones you sent to load this page, plus the connection metadata Cloudflare's edge attached.

Request headers
loading…fetching
Cloudflare edge metadatarequest.cf object

About HTTP headers

HTTP headers are the key-value metadata that travel with every HTTP request and response. They tell the other side everything that isn't the body — content type, caching rules, authentication, language preferences, security policies, and what kind of browser is asking.

What this tool shows

The viewer above displays every header your browser sent on the request to load this page, plus every header our edge sent back. We also include Cloudflare-specific headers like CF-Connecting-IP, CF-IPCountry, and CF-Ray, which surface edge-routing metadata that most browsers never expose to JavaScript.

Common reasons to inspect your headers

Debug a User-Agent override, verify a VPN is altering language headers, confirm DNT or Sec-GPC is being sent, check that Client Hints (Sec-Ch-Ua, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Platform) are revealing what you expect, or audit which Cloudflare colo is serving you.

What headers reveal about you

Your User-Agent identifies the exact browser version and OS. Accept-Language exposes your preferred languages, often distinctive. Sec-Ch-Ua-Platform reveals operating system independently of UA. Combined, these add 5–10 bits of fingerprint entropy, separately from canvas or WebGL fingerprinting. Our Privacy Check shows the full picture.

Related tools and reading

Use the Security Headers grader to audit a domain's outbound response headers. Read our 2026 HTTP security headers guide for the 10 headers every site should send. Use the Privacy Check to see the broader leak surface.