Pasting only the response body
Header analysis needs the status line and header block, not just HTML or JSON content. Copy the response headers from DevTools or curl.
Parse raw HTTP request or response headers into a normalized, readable summary with duplicate detection and cache, security, CORS, and content header groups.
Continue with a related workflow or open the next tool that usually follows this task.
Use this workflow when an API response is hard to read, a JSON payload fails validation, or a frontend error points to malformed structured data.
OpenRelated toolEncode or decode Base64 text with UTF-8 support and local-only processing.
OpenRelated toolGenerate MD5, SHA-1, SHA-256, and SHA-512 checksums locally.
OpenRelated toolFormat, validate, and minify JSON with instant error highlights—fully local.
OpenPaste raw HTTP request or response headers into the input.
Review the normalized header list and skipped-line warnings.
Check duplicate header names such as Accept or Set-Cookie.
Use the grouped summary to inspect cache, security, CORS, and content headers.
Copy or download the normalized output for debugging notes.
Inspect cache-control, etag, expires, vary, and age headers before debugging stale API or CDN responses.
Check CORS response headers before testing a frontend request that fails in the browser.
Review HSTS, CSP, frame, content-type, and referrer-related headers while preparing deployment checks.
Normalize copied request headers from DevTools or curl when documenting API issues.
Header analysis needs the status line and header block, not just HTML or JSON content. Copy the response headers from DevTools or curl.
Set-Cookie and cache-related headers can appear more than once. Check duplicates before deciding whether a server or proxy is misconfigured.
Request headers describe what the browser sent; response headers describe what the server returned. Keep them separate when debugging caching, CORS, or security issues.
HTTP/1.1 200 OK
content-type: application/json
cache-control: public, max-age=3600
strict-transport-security: max-age=31536000; includeSubDomainsStart line: HTTP/1.1 200 OK
Total headers: 3
Cache headers: cache-control
Security headers: strict-transport-securityGET /api/users HTTP/1.1
Host: api.example.com
Accept: application/json
Accept: text/plainStart line: GET /api/users HTTP/1.1
Duplicate header names: 1
Normalized headers:
host: api.example.com
accept: application/json
accept: text/plainThe parser recognizes HTTP request and response start lines before reading name/value header pairs.
Header names are grouped case-insensitively while original values are preserved.
Repeated header names are reported as duplicates instead of being overwritten.
Continuation lines are folded into the previous header value for readable output.
Malformed lines are skipped with warnings so a partial log still produces useful results.
Yes. Paste the status line and header block from DevTools, curl, a CDN log, or an API client. The parser keeps the start line and normalizes the headers below it.
No. Everything runs locally in your browser. The tool does not fetch URLs, upload headers, or store inspected values.
It highlights common cache, CORS, content, request, response, and security header groups. These are inspection hints, not a complete security audit.
Use these focused guides when you need a practical workflow before opening the tool.
Use this workflow when an API response is hard to read, a JSON payload fails validation, or a frontend error points to malformed structured data.
Workflow guideUse this workflow when a browser request, API response, redirect, or CDN cache behaves differently than expected and you need a clean header-level view first.
Explore more developer tools
Encode or decode Base64 text with UTF-8 support and local-only processing.
Generate MD5, SHA-1, SHA-256, and SHA-512 checksums locally.
Format, validate, and minify JSON with instant error highlights—fully local.
Decode JWT header, payload, claims, and expiration locally.
Encode or decode query strings, redirects, and URL components locally.