HTTP Header Analyzer
Online HTTP header analyzer supporting URL fetch and pasted headers to inspect security headers, CORS, and cache policy risks
URL mode sends a network request to the target address, while paste mode is analyzed locally in your browser.
Detected HTTP Headers
No HTTP header data
Documentation
What is this tool?
HTTP Header Analyzer inspects headers from URLs or pasted text, reviews security headers, CORS, and cache policies, and helps locate misconfiguration risks quickly.
Key Features
- Analyze headers from a URL or pasted response text
- Automatic scoring for security controls and exposure risks
- Dedicated CORS and cache policy checks
- Practical security header recommendations for hardening
How to use
1
Choose URL mode or paste mode
2
Enter a URL or paste response headers
3
Run analysis and review score plus detailed items
4
Fix failed or warning items step by step
FAQ
Why does URL mode require captcha?
URL mode triggers server-side proxy requests, and captcha helps reduce abuse.
Why is my score low?
Most low scores come from missing CSP, HSTS, or X-Frame-Options. Fix failed items first.
Does paste mode upload my input?
No. Paste mode is parsed locally in your browser.
Notes
- Analyze both staging and production to catch policy drift.
- Apply least-privilege principles for CORS origin and methods.
- Re-check with browser devtools after header updates.