HTTP Security Header Helper
Paste raw HTTP response headers from your browser's Network tab or a command like curl -I. Parsing and analysis happen entirely in your browser. This tool analyzes pasted headers only — it does not and cannot fetch a remote URL and inspect live headers for you.
Pasted headers only
Heuristic analysis, not a full audit
Nothing pasted yet — add some response headers above to see the parsed directives, risky combinations, missing recommended headers, and example baseline configs.
Illustrative baseline snippets
Baseline configuration examples
These are illustrative starting points, not universal best settings for every app.