GitHub Pages tools

Gratis HTTP Header Parser & Uitlegger

Plak ruwe HTTP-response-headers en krijg een gegroepeerde uitleg in begrijpelijke taal van elke header.

Tool laden...

Wat is HTTP Header Parser & Uitlegger?

HTTP response headers are metadata sent by the server alongside the page content. They control caching, security, content handling, CORS access, and redirection. Understanding what each header does is essential for debugging page behavior, optimizing performance, and securing a site. This tool parses raw headers and explains each one in plain English.

Snel antwoord

Paste HTTP response headers to get plain-English explanations of each one. Headers are grouped by function (cache, security, CORS, content, redirection). The parser flags missing security headers like HSTS, X-Content-Type-Options, and X-Frame-Options.

Beperkingen

This parser explains individual headers but cannot verify cross-header consistency or detect all conflicting configurations. Some header interactions require understanding of the full site architecture.
Header names are not case-sensitive per the HTTP spec, but the parser normalizes to lowercase for matching. Unusual header casing or formatting may cause mismatches.
Some proprietary or non-standard headers (X- prefixed headers from specific vendors) may not be recognized. The parser groups unrecognized headers under Other.

Zo gebruik je deze tool

Copy response headers from browser DevTools (Network tab > Response Headers), curl -I output, or server logs.
Paste them into the text area. The tool parses each header, groups them by function, and explains what each one does.
Review the security advisories for any missing security headers and follow the next-steps recommendations.

Waarvoor je het kunt gebruiken

Debug why a page is not caching correctly by reviewing the Cache-Control, ETag, and Expires headers.
Audit a site's security headers to check for missing HSTS, Content-Type-Options, or Frame-Options.
Understand a third-party API response's CORS headers to debug cross-origin fetch failures.

Gebruik

Praktische voorbeelden

Voorbeeld

Debugging cache issues

A developer notices pages are not caching. Paste the response headers into the parser. It shows Cache-Control: no-cache which explains the behavior — the browser must revalidate on every request.

Voorbeeld

Security header audit

A site owner pastes their response headers to check security. The parser flags missing Strict-Transport-Security, X-Content-Type-Options, and X-Frame-Options headers with remediation advice.

Veelgemaakte fouten

Pasting request headers instead of response headers — request headers (sent by the browser) have different meanings than response headers (sent by the server).
Overlooking security advisories — missing security headers leave the site vulnerable to well-known attacks that are easy to prevent.
Assuming headers from a CDN or proxy are the same as origin headers — CDNs often add, remove, or modify headers.

Verificatie

Paste the headers from a production URL (not localhost) to get accurate security advisories.
Re-check headers after making server or CDN configuration changes to confirm they are deployed correctly.

FAQ

Vragen over HTTP Header Parser & Uitlegger

Where do I find HTTP response headers?

In Chrome/Edge DevTools: Network tab > select a request > Headers section > Response Headers. In curl: curl -I https://example.com. In Firefox: Network tab > select request > Headers > Response Headers. In server logs: check your web server's access or debug log configuration.

Why are some security headers missing from my site?

Many web servers and static hosts (including GitHub Pages) do not add security headers by default. You must configure them explicitly through server config, CDN rules, or a _headers file. Some headers like HSTS are not available on GitHub Pages at all and require a CDN in front.

Gerelateerde tools