Home/Web Tools/HTTP headers inspector

HTTP

HTTP Headers Inspector

Paste headers to parse, filter, and spot common security/caching issues. Local only.

Local only Paste & parse

Paste headers

Accepts a raw header block, or a full line like Content-Security-Policy: ....

Parsed output

Filter by name or value.

Headers: 0 Showing: 0

Headers

Paste headers to see a parsed list here.

Common paste sources

  • Browser DevTools → Network → Headers
  • curl -I https://example.com
  • Server logs (sanitize secrets)

Security headers

  • Content-Security-Policy (CSP)
  • Strict-Transport-Security (HSTS)
  • X-Content-Type-Options
  • Referrer-Policy

Caching & CORS hints

  • Cache-Control, ETag, Vary
  • Access-Control-Allow-Origin, Access-Control-Allow-Credentials
  • Avoid sharing tokens/cookies in pasted headers

How it works

Paste raw HTTP response headers; the parser splits name/value pairs, normalizes casing, and highlights security, caching, and CORS insights while keeping the original order.

  • JSON view groups duplicate headers and makes copy/paste easier for code or tests.
  • Sensitive values stay local; clear secrets before sharing.

Quick examples

Security set
Strict-Transport-Security: max-age=63072000; includeSubDomains
Flags HSTS present
Caching example
Cache-Control: public, max-age=3600
Shows cacheability and TTL

Keep the blank line out; paste only headers, not the HTTP status line.

Mini FAQ

Do duplicate headers show?

Yes; they are kept in order and also combined in JSON view.

Are request headers supported?

Yes, the parser is generic—works for request or response headers.

How about folded lines?

Legacy folded headers are unfolded; prefer one header per line.