HTTP Security Header Helper

Paste raw HTTP response headers from your browser's Network tab or a command like curl -I. Parsing and analysis happen entirely in your browser. This tool analyzes pasted headers only — it does not and cannot fetch a remote URL and inspect live headers for you.

Nothing pasted yet — add some response headers above to see the parsed directives, risky combinations, missing recommended headers, and example baseline configs.

Baseline configuration examples

These are illustrative starting points, not universal best settings for every app.

FAQ

See also: