Skip to content
uxTools
Developer

HTTP Header Analyzer

Paste a header block or curl -I output to audit the response without opening DevTools.

Security score

50%

Coverage across the core security headers.

Headers

7

Parsed header lines.

Set-Cookie

0

Cookie headers found in the response.

Status line

HTTP/2 200

The first HTTP status line when present.

Header input panel

Paste a raw response header block or a curl -I output.

Security headers

Quickly see which browser protections are already present.

content-security-policy

Missing

No value

strict-transport-security

Present

max-age=31536000; includeSubDomains

x-content-type-options

Present

nosniff

x-frame-options

Missing

No value

referrer-policy

Present

strict-origin-when-cross-origin

permissions-policy

Missing

No value

Cache and CORS reading

A fast interpretation of the current header set.

Cache: Cacheable for 300s with ETag validation.

CORS: Origin locked to https://app.example.com.

Normalized JSON

Turns the header block into a clean key/value JSON object.

{
  "content-type": "text/html; charset=utf-8",
  "cache-control": "public, max-age=300",
  "etag": "\"abc123\"",
  "strict-transport-security": "max-age=31536000; includeSubDomains",
  "x-content-type-options": "nosniff",
  "referrer-policy": "strict-origin-when-cross-origin",
  "access-control-allow-origin": "https://app.example.com"
}