HTTP Header Inspector

Parse and analyze HTTP headers with explanations for common headers

Paste headers in any format: raw HTTP headers, curl -H format, or JSON object

What is HTTP Header Inspection?

HTTP headers are metadata sent between clients and servers in HTTP requests and responses. They control critical aspects like authentication, caching, content types, security policies, and CORS. This tool parses headers from various formats and provides detailed explanations for common headers, helping you understand and debug HTTP communication.

How to Use

  1. Paste your HTTP headers in any supported format (raw, curl, or JSON)
  2. Click "Inspect Headers" to parse and analyze them
  3. Review the categorized headers with explanations
  4. Hover over or click headers to see detailed information
  5. Use the category breakdown to understand your header configuration

Supported Input Formats

Raw HTTP Headers

Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Accept: application/json
User-Agent: MyApp/1.0

Curl -H Format

-H "Content-Type: application/json"
-H "Authorization: Bearer token123"
--header "Accept: application/json"

JSON Object

{
  "Content-Type": "application/json",
  "Authorization": "Bearer token123",
  "Accept": "application/json"
}

Header Categories

  • General: Basic headers like Content-Type, Content-Length, Date
  • Request: Client-sent headers like User-Agent, Accept, Referer
  • Response: Server-sent headers like Server, Location, Set-Cookie
  • Security: Security-related headers like Authorization, CSP, HSTS
  • Caching: Cache control headers like Cache-Control, ETag, Expires
  • CORS: Cross-origin headers like Access-Control-Allow-Origin
  • Custom: Non-standard or application-specific headers

Common Use Cases

  • Debug CORS issues by inspecting Access-Control headers
  • Verify authentication headers are correctly formatted
  • Check security headers for best practices compliance
  • Analyze caching configuration for performance optimization
  • Copy headers from browser DevTools for analysis
  • Convert between different header formats

Security Headers Explained

  • Strict-Transport-Security: Forces HTTPS connections to prevent man-in-the-middle attacks
  • Content-Security-Policy: Prevents XSS attacks by controlling allowed content sources
  • X-Content-Type-Options: Prevents MIME-sniffing vulnerabilities
  • X-Frame-Options: Protects against clickjacking attacks
  • Referrer-Policy: Controls how much referrer information is shared

Privacy Notice

All header parsing and inspection happens entirely in your browser. Your headers, which may contain sensitive authentication tokens or API keys, never leave your device. This ensures complete privacy when analyzing production headers or debugging security-sensitive applications.

Related Tools

Curl Command Builder

Build curl commands with a visual interface for HTTP requests

api-tools

Curl to Fetch Converter

Convert curl commands to JavaScript fetch() and vice versa

api-tools

JWT Decoder

Decode JWT tokens locally in your browser

security

URL Parser

Parse URLs into components and reconstruct from parts

network