HTTP Headers Analyzer
Paste raw HTTP headers from browser DevTools or curl to instantly parse, categorize, and audit them. Get plain-English explanations and a security completeness score. All processing happens in your browser.
Frequently Asked Questions
What does the HTTP Headers Analyzer do?
It parses raw HTTP headers (from browser DevTools, curl, or any HTTP client), categorizes each header (Security, Caching, CORS, Content, or Custom), provides a plain-English explanation of what each header does, and audits your security headers with a completeness score.
Which security headers does it check for?
The tool checks for six critical security headers: Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Missing any of these may leave your site vulnerable to common web attacks.
Is my header data safe?
Yes. All parsing and analysis happens entirely in your browser using JavaScript. No data is sent to any server. However, avoid pasting headers that contain sensitive tokens or credentials.
How do I get HTTP headers to paste?
In Chrome/Edge DevTools: open the Network tab, click any request, and copy the Response Headers. With curl: use curl -I https://example.com to see headers. In Firefox: Network tab → Headers panel. You can also use tools like httpie or Postman.