Developer Utilities · Free tool
HTTP Header Inspector
Analyze raw HTTP headers from curl or fetch to get detailed explanations and sensitive data warnings instantly. This free online tool works in your browser with no signup.
13 headers parsed. 13 explained from knowledge base.
Content-Typetext/html; charset=utf-8MIME type of the body. text/html; charset=utf-8 is the common HTML case.
Content-Length4823Body size in bytes. Wrong value = browser hang or truncation.
Cache-Controlpublic, max-age=300, stale-while-revalidate=86400Caching directives. Common: max-age=N, no-cache (revalidate), no-store (don't save), private/public.
ETag"8f3c9a-1856"Opaque identifier for this resource version. Pair with If-None-Match for conditional GETs.
Strict-Transport-Securitymax-age=31536000; includeSubDomainsHSTS — force HTTPS for max-age seconds. includeSubDomains expands the scope.
Content-Security-Policydefault-src 'self'Browser-enforced allowlist for scripts, styles, frames, etc. Major XSS defense.
X-Frame-OptionsSAMEORIGINDENY or SAMEORIGIN. Stops clickjacking by blocking iframe embedding. Largely superseded by CSP frame-ancestors.
X-Content-Type-Optionsnosniffnosniff = browser won't MIME-sniff the body. Defense against script injection via misclassified files.
Access-Control-Allow-Origin*CORS — which origin(s) may read this response. '*' or specific origin.
VaryAccept-Encoding, CookieTells caches which request headers affect the response. Important for CDN cache keys.
Set-CookieSensitive — don't logsid=abc123; HttpOnly; Secure; SameSite=StrictServer tells the browser to store this cookie. Watch for HttpOnly, Secure, SameSite, Domain.
X-RateLimit-Limit1000Rate limiting — total allowed requests per window. Pair with x-ratelimit-remaining and x-ratelimit-reset.
X-RateLimit-Remaining987Requests left in the current window.
Knowledge base covers ~30 common headers. Unrecognised headers still parse but won't get an explanation. For HTTP status code meanings, see the HTTP status code lookup.
Advertisement
What it does
Paste raw HTTP headers (curl -v output, fetch dump, or plain Name: Value lines). Get an annotated view with explanations pulled from a 30-header knowledge base. Sensitive headers (Authorization, Cookie) get a “don't log this” warning.
For status code meanings, see HTTP status code lookup.
Embed this tool on your siteShow snippetHide
Paste this snippet into any page. Loads on-demand (lazy), no tracking scripts, and sized to most dashboards. Replace the height to fit your layout.
<iframe src="https://freetoolarena.com/embed/http-header-inspector" width="100%" height="720" frameborder="0" loading="lazy" title="HTTP Header Inspector" style="border:1px solid #e2e8f0;border-radius:12px;max-width:720px;"></iframe>How to use it
- Paste headers from curl, fetch, or copy-paste.
- Each line parses as Name: Value; status lines and method lines are skipped.
- Hover the explanation for each known header.
Advertisement
Learn more
Guides about this topic
- Using Our Tools · GuideHow to generate QR codesMake QR codes for URLs, WiFi, vCard, or text. Learn error correction and sizing, then generate your QR code online free with no sign-up in seconds.
- Using Our Tools · GuideHow to create a strong passwordGenerate a strong password instantly online for free. Build high-entropy passphrases following NIST 2026 rules with no download needed.
- Developers & Technical · GuideHow to encode and decode Base64Understand the 3-to-4 mechanic and 33% overhead for standard, URL-safe, and MIME Base64. Free online reference to avoid common mistakes, no download needed.
- Design & Media · GuideHow to choose a color paletteBuild accessible color palettes using HSL theory, monochromatic to triadic schemes, WCAG contrast checks, and dark mode tips. Free, no-download guide.
- Developers & Technical · GuideHow to use JWT tokens securelyImplement secure JWT authentication by choosing RS256, setting expiration, using httpOnly cookies, and preventing 'alg: none' attacks in your browser for free.
- Design & Media · GuideHow to design a faviconCreate favicons that render perfectly from 16×16 to 512×512 with dark mode support. Learn the right HTML tags and web manifest setup free online.
Explore more developer utilities tools
- Port Number LookupSearch over 140 well-known TCP and UDP ports by number or service name. Free online reference tool with no sign-up, covering web, mail, DNS, and more.
- Test Credit Card NumbersReference table of canonical test card numbers from Stripe, Adyen, and Braintree sandbox docs. Plus Luhn validator + network detector.
- IPv6 Expander & ShortenerFormat IPv6 addresses to canonical form, handling zone IDs and prefixes, instantly online—free tool with no registration required.
- Htpasswd GeneratorCreate .htpasswd lines for Apache or nginx basic auth with browser-only SHA hashing instantly. Includes config snippets and a free online tool with no registration.
- Chmod CalculatorCalculate Unix file permissions: octal (755, 644) ↔ symbolic (rwxr-xr-x) ↔ rwx checkboxes. Covers setuid, setgid, sticky bit. With presets.
- Excel Formula ExplainerPaste any formula and get a plain-English breakdown of 60+ functions online free—no sign-up required, in your browser.