HTTP Headers Tab

Purpose

• Quickly inspect response headers, caching, and security signals without leaving the page.

How to Open

• Popup nav → HTTP Headers.
• Non-HTTP contexts (chrome://, file://, some gated pages) return no data.

What You See

• Status code, content-type, redirects (if present).
• Cache directives (cache-control, expires), CDN hints.
• Security headers (CSP, HSTS, X-Frame-Options, etc.) when available.
• Robots-related headers (x-robots-tag) for fast indexability checks.
• Summary table with status → scheme/host/path rows and a “Copy Summary” shortcut.
• Details section showing redirect chain (e.g., 302 → 200) with destination URLs.
• Full response headers list (server, date, content-type/length, caching, CSP, XFO, referrer-policy, cookies, encoding, etc.).
• Helper table explaining common HTTP status codes.

Workflow Wins

• Faster than DevTools when you just need cache/indexability sanity checks.
• Pair with Page Info to reconcile meta robots vs. x-robots headers.
• Great for “why is this noindexed?” and “why is this cached?” in one pass.

Recommended Plays

• Indexability check: Compare x-robots-tag vs. meta robots (Page Info).
• Caching sanity: Confirm CDN/browser caching before running perf tests.
• Security glance: Verify XFO/CSP/HSTS on key pages without opening DevTools.

Actions

• Copy/export the header set for tickets or audits.
• Open the live response/source in a new tab when available.
• Use “Copy Summary” to grab the redirect/status table in one click for sharing.

Tips & Troubleshooting

• Header mismatches vs. DevTools can come from proxies, service workers, or intermediate caches.
• Mixed-content blocking or CORS errors can hide headers; try a direct HTTPS URL.
• Set-Cookie entries are shown per response; redirects may set/clear multiple cookies—check the whole chain.
• Compressed responses (content-encoding: gzip/br) can differ from what interceptors show; rely on the raw header list here.