About HTTP Header Inspector

Pretty-print raw HTTP headers with inline meanings. Part of the DevTools Surf developer suite. Browse more tools in the Web / Frontend collection.

Use Cases

• Frontend developers debugging failed API requests in the browser
• Backend developers verifying correct response headers for caching and CORS
• Security auditors checking for missing headers like HSTS and CSP
• DevOps engineers inspecting headers returned by CDN and proxy layers

Tips

• Paste raw HTTP headers to see inline explanations for each one
• Look for security headers like X-Content-Type-Options in the output
• Use it to compare request and response headers side by side

Fun Facts

• HTTP/1.1 headers are plain text key-value pairs separated by CRLF — HTTP/2 compresses them using HPACK, reducing header overhead by up to 85%.
• The User-Agent header string has become absurdly long over decades because browsers append compatibility tokens — most modern UA strings exceed 100 characters.
• The Referer header was intentionally misspelled in the original HTTP specification (RFC 1945, 1996). The typo was preserved for backward compatibility.

FAQ

What's the output?

Headers pretty-printed with inline explanations — what each header means, its value's significance, security implications. Like reading commented code.

Is it different from Header Analyzer?

Yes — Analyzer focuses on flagging issues and scoring security posture. Inspector is educational: 'here's what this header does'. Use Inspector to learn; Analyzer to audit.

Does it recognize custom headers?

Common ones (X-Request-ID, X-Forwarded-For, X-RateLimit-*) are explained. Truly custom ones show value-only without commentary.

Where do I paste input?

Raw HTTP response headers copied from curl -i or browser DevTools. Each line is one header.