HTTP Header Parser

Analyze and understand HTTP headers with detailed explanations for each header.

HTTP Headers

Enter HTTP headers in "Name: Value" format, one per line.

Sample HTTP Headers

Request Headers

Host: api.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Accept: application/json
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json
Origin: https://example.com
Referer: https://example.com/dashboard

Response Headers

HTTP/1.1 200 OK
Date: Mon, 27 Jan 2025 10:30:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1234
Cache-Control: max-age=3600
ETag: "abc123"
X-Request-Id: req-12345
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubDomains

What Are HTTP Headers?

HTTP headers are key-value pairs sent between the client (browser) and server with every HTTP request and response. They carry metadata about the message — content type, encoding, authentication credentials, caching instructions, security policies, and more. Understanding HTTP headers is essential for web development, API design, security hardening, and performance optimization.

Categories of HTTP Headers

Category	Examples	Purpose
Content	`Content-Type`, `Content-Length`, `Content-Encoding`	Describe the message body
Caching	`Cache-Control`, `ETag`, `Last-Modified`	Control browser and CDN caching
Security	`Content-Security-Policy`, `Strict-Transport-Security`, `X-Frame-Options`	Protect against attacks
Authentication	`Authorization`, `WWW-Authenticate`	Handle identity and access
CORS	`Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`	Control cross-origin requests
Cookies	`Set-Cookie`, `Cookie`	Manage session state

Common Use Cases

API Debugging: Inspect response headers to diagnose caching, CORS, or content-type issues.
Security Auditing: Verify that security headers (CSP, HSTS, X-Content-Type-Options) are correctly configured.
Performance Analysis: Check caching headers, compression settings, and transfer encoding to optimize load times.
Authentication Troubleshooting: Examine Authorization and Set-Cookie headers to debug login and session issues.

How to Use This Tool

Paste your HTTP headers into the input area.
Click Parse to analyze the headers.
View each header name, value, and description.
Identify security headers, caching directives, and content types.

Why Use This Tool?

Quickly understand and debug HTTP response headers.
Identify missing security headers (CSP, HSTS, X-Frame-Options).
Analyze caching behavior and content negotiation.
Essential for web developers and security auditors.

Frequently Asked Questions

Are HTTP headers case-sensitive?

Header names are case-insensitive per the HTTP specification (RFC 7230). Content-Type and content-type are equivalent. However, header values may be case-sensitive depending on the specific header.

What is the difference between request and response headers?

Request headers are sent by the client to the server (e.g., Accept, Authorization). Response headers are sent by the server back to the client (e.g., Content-Type, Set-Cookie). Some headers like Cache-Control appear in both.