Web Security

HTTP Security Headers Analyzer

Paste raw response headers — curl -I output, browser DevTools "raw" view, or anything that puts each header on its own line — and get a graded breakdown of every security-relevant one, with directive-level analysis for CSP and recommendations for what's missing or weak.

TLS Cipher Decoder → MAC / OUI Tool →

Fetch from URL

Submits the URL to a stateless Cloudflare Worker (no logging) which fetches it server-side and returns the response headers. Or paste raw headers below.

Response headers

Each line should be Header-Name: value. Status lines (HTTP/2 200) are ignored.

Paste headers above (or load a sample) to see the analysis.

Three sheets: Summary, Per-header analysis (current value, recommended, points, why it matters, how to fix on nginx / Apache / Cloudflare / Express.js), and CSP directives when present. Copy buttons output the per-header sheet only as TSV.

Recommended Header Reference

Minimum-viable secure values for each header analyzed by this tool. Tune to taste — some defaults (like a strict CSP) require careful integration with your app.

Network & Security Architect

Need help on a network or security project?

I take consulting engagements for network design, segmentation, and security architecture reviews. Reach out to scope something — direct, or via Upwork.

Work with me → On Upwork →