HTTP Header Analyzer
Paste a header block or curl -I output to audit the response without opening DevTools.
Security score
50%
Coverage across the core security headers.
Headers
7
Parsed header lines.
Set-Cookie
0
Cookie headers found in the response.
Status line
HTTP/2 200
The first HTTP status line when present.
Header input panel
Paste a raw response header block or a curl -I output.
Security headers
Quickly see which browser protections are already present.
content-security-policy
MissingNo value
strict-transport-security
Presentmax-age=31536000; includeSubDomains
x-content-type-options
Presentnosniff
x-frame-options
MissingNo value
referrer-policy
Presentstrict-origin-when-cross-origin
permissions-policy
MissingNo value
Cache and CORS reading
A fast interpretation of the current header set.
Cache: Cacheable for 300s with ETag validation.
CORS: Origin locked to https://app.example.com.
Normalized JSON
Turns the header block into a clean key/value JSON object.
{
"content-type": "text/html; charset=utf-8",
"cache-control": "public, max-age=300",
"etag": "\"abc123\"",
"strict-transport-security": "max-age=31536000; includeSubDomains",
"x-content-type-options": "nosniff",
"referrer-policy": "strict-origin-when-cross-origin",
"access-control-allow-origin": "https://app.example.com"
}