HTTP Header Parser

Type a URL and our server performs a short HEAD request (falls back to a tiny GET) to capture response headers—http/https and public-routable IPs only, with SSRF protections.

Report
URL
Results
# Name Value
Enter a URL and click Fetch; results appear in this section.
Step 1
Enter a full URL above (https:// is added if omitted), then click Fetch response headers.
Step 2
Below you will see the status line, summary cards, hints, and the full header table. Redirects show requested vs final URL.
Step 3
Use Copy as TSV for spreadsheets. If HEAD is not supported, a tiny GET is used instead (still within SSRF protections).
When should I use this tool?
Whenever you want a quick look at Cache-Control, CSP, HSTS, Server, etc. without running curl yourself—especially across environments.
Why was my target blocked or the fetch failed?
To reduce SSRF abuse we block private/reserved IPs, localhost-style hostnames, and common cloud metadata hosts. Some sites also block our user agent or allowlist only certain clients.
Do you store my URL? What hits the remote site?
Each check issues a short outbound HTTP request from our infrastructure (headers-focused). We do not use your URL for marketing logs; still avoid secret URLs that embed tokens.
How is this different from browser DevTools?
DevTools shows what your browser received; this tool shows what our egress IP received—CDN, geo, and WAF rules can differ.
What is “Copy as TSV” for?
It copies a two-column, tab-separated list (name and value) that pastes cleanly into Excel, Google Sheets, or docs for reviews with teammates.
encoding Base64 URL-encoding
2026-06-03

Deep Dive into Encoding Systems: From Character Mapping to Binary Representation

Understand the mechanisms of character encoding, Base64 conversion, and URL encoding in modern digital systems to ensure accurate data transmission and conversion.

Markdown Writing Tools Frontend
2026-03-23

The Complete Markdown Guide: From Basics to Real-World Applications

Markdown is the go-to lightweight markup language for writers, developers, and content creators. This guide covers everything from core syntax to advanced techniques and platform-specific applications.

CORS API Security Web Security
2026-07-01

CORS (Cross-Origin Resource Sharing) Security Strategy: From Browser Mechanisms to Production Protection

A deep dive into the mechanics of CORS, exploring how to correctly configure cross-origin requests, clarifying common security pitfalls, and ensuring API resource safety.

encoding Unicode URL-encoding
2026-06-03

Encoding Standards and Network Transmission: A Complete Guide to Character and URL Encoding

Understand the mechanics of character encoding, Base64 applications, and the vital role of URL encoding in modern web communication to resolve encoding issues.

HTTP WebSecurity APIDevelopment
2026-06-02

HTTP Security Headers: A Critical Defense Line for Web Applications

Learn how to harden your web applications using HTTP security headers to defend against XSS, clickjacking, MIME sniffing, and other common threats.

QR Code Quishing Phishing
2026-05-06

Quishing (QR Code Phishing) Complete Guide: How to Spot Malicious QR Codes and Stay Safe

QR code phishing (quishing) attacks surged 587% in 2025, now comprising 12% of all phishing attacks. The FBI warned in January 2026 that North Korean hackers are using malicious QR codes in spearphishing campaigns. Learn how to identify fake QR codes, understand common attack scenarios, and safely scan and generate QR codes.