Every web developer has had this moment: you check your app's response headers, see a wall of Content-Type and Cache-Control, and wonder — is this actually secure? Which headers am I missing? What does Permissions-Policy do again?
I built HTTP Header Analyzer to answer those questions instantly. Paste any set of HTTP response headers and get a security score, missing header warnings, cache analysis, and recommended values — all in the browser, zero dependencies, zero server.
What it does
Paste headers in Key: Value format (one per line) and click Analyze Headers. The tool:
Scores security headers from 0–100 with a letter grade (A+ → F)






