HTTP Header Playground
Client-Side Secure
Paste or fetch response headers to audit security directives (CSP, HSTS, Referrer-Policy) and export a report.
Security headers
content-security-policy
strict-transport-security
x-content-type-options
x-frame-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cache-control
Recommendations
- Add a Content-Security-Policy to reduce XSS risk.
- Enable Strict-Transport-Security (HSTS) with includeSubDomains and preload.
- Set Referrer-Policy: strict-origin-when-cross-origin or no-referrer.
- Add X-Content-Type-Options: nosniff.
- Set X-Frame-Options: DENY or use the frame-ancestors directive in CSP.
Why it matters
Client-only analysis
- Paste raw response headers to quickly spot missing security directives.
- Check cacheability and mixed-content protections without external calls.
- Download a markdown report for audits or PR comments.
Analyze HTTP response headers for security and caching best practices. Paste raw headers or fetch from a URL, then review recommendations for CSP, HSTS, Referrer-Policy, and more.
- Checks presence of common security headers.
- Exports a markdown report for audits or PR comments.
- Client-only parsing; external fetches may be limited by CORS.
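One way to implement the presence checks and markdown export described above, as an added example that is not the tool's own code. The function names, the report layout, the attribute checks on HSTS and the constructed sample response are assumptions.

```javascript
// Added example: the eight header names are the ones listed on the page.
const SECURITY_HEADERS = [
  "content-security-policy", "strict-transport-security", "x-content-type-options",
  "x-frame-options", "referrer-policy", "permissions-policy",
  "cross-origin-opener-policy", "cache-control",
];

// Parse pasted raw headers into a Map of lowercase name -> value.
// Lines without a "name:" prefix (status line, blanks) are skipped; repeats are joined.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${value}` : value);
  }
  return headers;
}

// Count which of the eight headers are present and collect the page's recommendations.
function audit(raw) {
  const h = parseHeaders(raw);
  const present = SECURITY_HEADERS.filter((n) => h.has(n));
  const recs = [];
  const csp = h.get("content-security-policy") || "";
  const hsts = (h.get("strict-transport-security") || "").toLowerCase();
  if (!csp) recs.push("Add a Content-Security-Policy to reduce XSS risk.");
  if (!hsts.includes("includesubdomains") || !hsts.includes("preload"))
    recs.push("Enable Strict-Transport-Security (HSTS) with includeSubDomains and preload.");
  if (!h.has("referrer-policy"))
    recs.push("Set Referrer-Policy: strict-origin-when-cross-origin or no-referrer.");
  if ((h.get("x-content-type-options") || "").toLowerCase() !== "nosniff")
    recs.push("Add X-Content-Type-Options: nosniff.");
  if (!h.has("x-frame-options") && !/frame-ancestors/i.test(csp))
    recs.push("Set X-Frame-Options: DENY or frame-ancestors directive in CSP.");
  return { present, total: SECURITY_HEADERS.length, recs };
}

// Render the audit as a markdown report suitable for a PR comment.
function toMarkdown(r) {
  return [`## Security headers: ${r.present.length}/${r.total} present`,
    ...SECURITY_HEADERS.map((n) => `- [${r.present.includes(n) ? "x" : " "}] ${n}`),
    "", "### Recommendations", ...r.recs.map((x) => `- ${x}`)].join("\n");
}

// Constructed sample response (not captured from a real site).
const SAMPLE = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n" +
  "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n" +
  "X-Content-Type-Options: nosniff\r\nCache-Control: no-store";
console.log(toMarkdown(audit(SAMPLE)));
```

In the sample, the missing X-Frame-Options produces no recommendation because the CSP already carries frame-ancestors, while the HSTS header is flagged for lacking includeSubDomains and preload.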