HTTP Headers API
/api/http-headers
No Auth RequiredWhat It Does
It echoes back every HTTP header that your request sent. That’s literally the whole thing. You make a request, and it shows you exactly what headers arrived at the server. No filtering, no modification, just a mirror.
This is surprisingly useful. Ever wonder what headers your HTTP client is actually sending? Or whether your proxy is stripping something? Or what all those sec-ch-ua headers mean? Hit this endpoint and find out.
Parameters
None. Zero. Just make the request. The headers you send ARE the input.
| Parameter | Type | Required | Description |
|---|---|---|---|
| No parameters. The request headers are the input. | |||
Response Fields
The response is a dynamic JSON object. Every key is a header name, every value is the header’s value as a string. The exact fields depend on what your client sends.
Here are the headers you’ll commonly see:
| Field | Type | Description |
|---|---|---|
accept | string | What content types the client will accept. Browsers send a long list. curl sends */* because it's not picky. |
accept-encoding | string | Compression formats the client supports. Usually gzip, deflate, br. |
accept-language | string | Language preferences. Tells the server what language you'd like content in. Servers mostly ignore this. |
user-agent | string | The classic. Identifies your browser or HTTP client. A beautiful mess of lies and legacy strings. |
sec-ch-ua | string | Client Hints for the browser brand and version. Chrome's attempt to replace the user-agent chaos. |
sec-ch-ua-mobile | string | ?0 for desktop, ?1 for mobile. The question mark is part of the format, not a typo. |
sec-ch-ua-platform | string | The operating system. "Windows", "macOS", "Linux", etc. |
x-forwarded-for | string | If you're behind a proxy or CDN, this shows the original client IP. Can be a chain of IPs. |
host | string | The hostname from the URL. Tells the server which site you're trying to reach. |
connection | string | Usually keep-alive. Tells the server to keep the TCP connection open for more requests. |
You may see other headers too. Custom headers, proxy headers, CDN headers. Whatever your client or infrastructure adds to the request shows up here.
Example Request
curl
curl "https://whatismyip.technology/api/http-headers"
Want to see custom headers? Add your own:
curl -H "X-My-Header: hello" "https://whatismyip.technology/api/http-headers"
Python
import requests
response = requests.get("https://whatismyip.technology/api/http-headers")
headers = response.json()
for name, value in headers.items():
print(f"{name}: {value}")
JavaScript
const response = await fetch("https://whatismyip.technology/api/http-headers");
const headers = await response.json();
// See your user-agent
console.log("Your user-agent:", headers["user-agent"]);
// See everything
console.log(JSON.stringify(headers, null, 2));
Example Response
From a browser, you’ll get something like this:
{
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9",
"host": "whatismyip.technology",
"sec-ch-ua": "\"Chromium\";v=\"128\", \"Google Chrome\";v=\"128\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
"x-forwarded-for": "203.0.113.42"
}
From curl, it’s much simpler:
{
"accept": "*/*",
"host": "whatismyip.technology",
"user-agent": "curl/8.4.0"
}
The difference is telling. Browsers are chatty. curl is not.
Caching
No caching at all. Cache-Control: no-store. Every request reflects the actual headers sent at that moment. Caching header values would defeat the entire purpose.
CORS
Wide open. You can call this from any website’s JavaScript. In fact, calling it from browser JavaScript is one of the most useful things you can do with it, since that’s where the interesting headers live.
Runtime
This runs on the Edge runtime. It’s fast. There’s almost no processing involved. Read the headers, turn them into JSON, send them back. The speed is basically network latency plus nothing.
What This Is Good For
Debugging HTTP clients: Building an API client and not sure what headers it’s sending? Point it here and look at the response. Way faster than setting up a request inspector.
Checking proxy behavior: Proxies and load balancers often add, modify, or strip headers. Hit this endpoint through your proxy and compare with a direct request. See what changed.
Verifying user agents: Need to know what user agent string your app sends? This is the quickest way to find out. Especially useful for headless browsers and scrapers that sometimes report unexpected user agents.
Browser fingerprinting research: Browsers send a lot of headers. Client Hints, Do Not Track, accepted languages and encodings. This endpoint lays it all out for you to inspect.
Testing custom headers: If your app adds custom headers (like X-Request-ID or Authorization), you can verify they’re actually being sent by checking them here. Beats reading through network inspector tabs.
Educational purposes: New to HTTP? Hit this endpoint from different clients (browser, curl, Python, Postman) and compare the results. You’ll learn more about HTTP headers in five minutes than in an hour of reading documentation.
Good Things to Know
Header names are lowercase: HTTP/2 requires lowercase header names, and the API normalizes everything to lowercase regardless of protocol. So you’ll see user-agent, not User-Agent.
Some headers get added along the way: You might see headers you didn’t explicitly set. CDNs, load balancers, and hosting platforms often add their own. x-forwarded-for, x-real-ip, and cf-connecting-ip are common ones. Those come from the infrastructure, not your client.
Cookie headers: If you’ve visited the site before and have cookies, the cookie header will show up too. Be mindful of this if you’re sharing the response with others.
The response changes per client: Two different browsers will produce different results. Chrome sends Client Hints. Firefox doesn’t. Safari has its own quirks. Even different versions of the same browser can differ. That’s part of what makes this useful.