HTTP Header Parser

Paste raw HTTP headers to parse, analyze, and inspect — with security insights and header descriptions

  1. Home
  2. /
  3. HTTP Header Parser

Paste HTTP headers above and click Parse to analyze them

What Are HTTP Headers?

HTTP headers are key-value pairs sent between a client and server in HTTP requests and responses. They carry metadata about the request or response, such as content type, authentication credentials, caching policies, and more. Headers are essential for how the web works — they enable features like content negotiation, security controls, session management, and cross-origin resource sharing.

This parser helps you understand any HTTP headers you encounter by breaking them down into a readable format, providing descriptions for standard headers, and flagging potential security issues.

How to Use This Parser

  1. Copy headers from your browser's Developer Tools (Network tab), a curl -v response, or any HTTP client output.
  2. Paste the raw headers into the text area. The parser handles both request headers (starting with METHOD /path HTTP/1.1) and response headers (starting with HTTP/1.1 200 OK).
  3. Click Parse or enable auto-parse to see the structured table with descriptions for each header.
  4. Review security alerts — the tool flags missing security headers and suspicious values.
  5. Use the sample button to see example output if you don't have headers handy.

Common HTTP Headers Reference

Request Headers

  • Host — The target domain and port
  • User-Agent — Client software identifier
  • Accept — Media types the client can handle
  • Authorization — Credentials for authentication
  • Content-Type — Media type of the request body
  • Cookie — Stored cookies sent to the server
  • Referer — Previous page URL

Response Headers

  • Content-Type — Media type of the response body
  • Set-Cookie — Cookie to store on the client
  • Cache-Control — Caching directives
  • Location — Redirect URL (3xx responses)
  • Strict-Transport-Security — HSTS policy
  • Content-Security-Policy — CSP directives
  • Access-Control-Allow-Origin — CORS policy

FAQs

What format should the headers be in?

Paste headers exactly as they appear in raw HTTP format. Each header on its own line as Name: Value. The parser supports both request format (GET /path HTTP/1.1) and response format (HTTP/1.1 200 OK).

How do I copy headers from Chrome DevTools?

Open DevTools (F12) → Network tab → click a request → Headers tab → right-click in the "Request Headers" or "Response Headers" section → Copy as cURL (which includes headers) or copy individual sections.

What security issues does this tool detect?

It checks for missing security headers like Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and others. It also flags insecure cookie configurations and suspicious cache directives.

Are my headers sent to a server?

No. All parsing happens entirely in your browser. No data is transmitted to any server. Your headers remain private.