HTTP
HTTP Headers Inspector
Paste headers to parse, filter, and spot common security/caching issues. Local only.
Paste headers
Accepts a raw header block, or a full line like Content-Security-Policy: ....
Parsed output
Filter by name or value.
Headers
Paste headers to see a parsed list here.
Common paste sources
- Browser DevTools → Network → Headers
- curl -I https://example.com
- Server logs (sanitize secrets)
Security headers
- Content-Security-Policy (CSP)
- Strict-Transport-Security (HSTS)
- X-Content-Type-Options
- Referrer-Policy
Caching & CORS hints
- Cache-Control, ETag, Vary
- Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Avoid sharing tokens/cookies in pasted headers
How it works
Paste raw HTTP response headers; the parser splits name/value pairs, normalizes casing, and highlights security, caching, and CORS insights while keeping the original order.
- JSON view groups duplicate headers and makes copy/paste easier for code or tests.
- Sensitive values stay local; clear secrets before sharing.
Quick examples
Keep the blank line out; paste only headers, not the HTTP status line.
Mini FAQ
Do duplicate headers show?
Yes; they are kept in order and also combined in JSON view.
Are request headers supported?
Yes, the parser is generic—works for request or response headers.
How about folded lines?
Legacy folded headers are unfolded; prefer one header per line.
Related tools