Response Headers Parser
Parse and diagnose HTTP headers and routing signals in your browser. No input is sent to a server. Use it for first-pass observation-gap troubleshooting.
Status
Runs in your browser. No input is sent to a server. Use this as a first-pass diagnostic step.
How to use
Paste Response Headers from DevTools and click “Parse”. It shows a normalized list and summary.
Notes (this tool)
- Duplicate header fields have header-specific merge rules. Check original raw headers as well.
- Proxies/CDNs may rewrite headers in transit. Compare captures from equivalent points.
About this page
What does this tool do?
Paste response headers, normalize them into name: value lines, and extract key headers.
Quickly check Cache-Control / Set-Cookie / Content-Type and more.
It helps you see “what headers are in play” at a glance, making it a good entry point for troubleshooting and audits.
Response headers basics
- Response headers strongly affect client behavior (caching/security/downloads, etc.).
- Headers can be multi-line or duplicated (e.g., Set-Cookie).
- DevTools copy formats vary; normalizing is helpful for sharing.
How to copy from DevTools
- Network → select request → Headers → copy Response Headers
- Paste all Set-Cookie lines (often multiple)
- Review sensitive values (e.g., Set-Cookie) before sharing
Typical use cases
- Diagnose caching issues
- Inspect cookie storage conditions and SameSite
- Verify security headers
Headers worth checking (examples)
- Cache-Control: caching behavior
- Set-Cookie: session persistence and attributes (SameSite/Secure, etc.)
- Content-Type: parsing/encoding/download assumptions
- CSP/HSTS/Referrer-Policy/X-Frame-Options: baseline web security headers
Debugging workflow (recommended)
- Paste all headers here to extract key points
- Deep-dive with dedicated tools (Cache-Control/Cookie/Content-Type/CSP/HSTS, etc.)
- Compare success vs failure cases to find differences
Common pitfalls
- Missing additional Set-Cookie lines
- Looking only at Cache-Control and missing Expires/ETag/Last-Modified
- Garbled text due to missing charset in Content-Type
Security & privacy notes
Response headers can include sensitive data (e.g., Set-Cookie). Review before sharing.
- This tool runs locally and does not send input.
- Mask cookie values before sharing.
Related tools
- Cache-Control Inspect
- Cookie Inspect / Set-Cookie Builder
- Content-Type Inspect
- CSP Inspect / HSTS Inspect / Referrer-Policy Inspect / X-Frame-Options Inspect
What this tool does
- Normalize and list headers
- Extract key headers
- Handle multiple Set-Cookie lines
FAQ
How do I paste Response Headers?
Open the request in DevTools Network, then copy Headers → Response Headers and paste it here.
Is it normal to have multiple Set-Cookie headers?
Yes. When setting multiple cookies, Set-Cookie appears multiple times.
Operational notes
- Intermediaries may rewrite headers. Compare captures from equivalent points.
- Confirm final decisions with server logs and configuration such as trusted proxy and routing.
Referenced specs
- RFC 9110 (HTTP Semantics)
- RFC 6265 (HTTP Cookies)
References
Next to view (diagnostic order)
These links are generated from site_map rules in recommended diagnostic order.
- Retry-After Inspect — Parse Retry-After and inspect retry wait behavior
- Server-Timing Inspect — Parse Server-Timing and inspect latency metrics
- Link Header Inspect — Parse Link headers and inspect rel/as/type
- Content-Type Inspect — Parse Content-Type and inspect MIME/charset
- X-Content-Type-Options Inspect — Parse X-Content-Type-Options and validate nosniff
- HTTP Status Inspect — Analyze HTTP status codes and suggest handling direction
- How to Diagnose Retry Storms on 429/503 — Isolate Retry-After parsing and client implementation gaps to stop excessive retries
- How to Diagnose JS/CSS Blocks from nosniff Mismatch — Trace Content-Type vs nosniff mismatches, fallback responses, and delivery-layer rewrites
Same-theme links
Response Header Diagnostics
Step through raw headers to inspect Retry-After, Server-Timing, Link, and Content-Type
- HTTP Header Parser — Parse raw headers into structured lists
- Set-Cookie Inspect — Parse Set-Cookie attributes and review delivery policy
- Cookie Domain/Path Matcher — Evaluate cookie send conditions by Domain/Path/Secure
- SameSite Cookie Simulator — Simulate cookie send behavior from SameSite and request context
- Set-Cookie Conflict Checker — Detect same-name cookie conflicts and overwrite risks
- Cookie Size Checker — Estimate Cookie header size and check limit risks
- Retry-After Inspect — Parse Retry-After and inspect retry wait behavior
- Server-Timing Inspect — Parse Server-Timing and inspect latency metrics
- Link Header Inspect — Parse Link headers and inspect rel/as/type
- Content-Type Inspect — Parse Content-Type and inspect MIME/charset
- X-Content-Type-Options Inspect — Parse X-Content-Type-Options and validate nosniff
- HTTP Status Inspect — Analyze HTTP status codes and suggest handling direction