What your browser is actually sending
Every HTTP request your browser makes carries a stack of headers. Below: the ones you sent to load this page, plus the connection metadata Cloudflare's edge attached.
About HTTP headers
HTTP headers are the key-value metadata that travel with every HTTP request and response. They tell the other side everything that isn't the body — content type, caching rules, authentication, language preferences, security policies, and what kind of browser is asking.
What this tool shows
The viewer above displays every header your browser sent on the request to load this page, plus every header our edge sent back. We also include Cloudflare-specific headers like CF-Connecting-IP, CF-IPCountry, and CF-Ray, which surface edge-routing metadata that most browsers never expose to JavaScript.
Common reasons to inspect your headers
Debug a User-Agent override, verify a VPN is altering language headers, confirm DNT or Sec-GPC is being sent, check that Client Hints (Sec-Ch-Ua, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Platform) are revealing what you expect, or audit which Cloudflare colo is serving you.
What headers reveal about you
Your User-Agent identifies the exact browser version and OS. Accept-Language exposes your preferred languages, often distinctive. Sec-Ch-Ua-Platform reveals operating system independently of UA. Combined, these add 5–10 bits of fingerprint entropy, separately from canvas or WebGL fingerprinting. Our Privacy Check shows the full picture.
Related tools and reading
Use the Security Headers grader to audit a domain's outbound response headers. Read our 2026 HTTP security headers guide for the 10 headers every site should send. Use the Privacy Check to see the broader leak surface.