HTTP response headers lint
Related tools
Validators and utilities that complement HTTP response headers lint — same session, no sign-up.
Lightweight lint on pasted response headers: duplicates, Cache-Control, HSTS max-age, nosniff, charset hints. Does not connect to remote hosts.
Paste response lines from DevTools or a proxy (status line optional). Checks duplicates, Cache-Control, HSTS, X-Content-Type-Options, and a few Content-Type hints.
How to use this tool
- Paste your sample in the input (or fetch from URL if this tool supports it).
- Run the main action on the page to execute HTTP response headers lint.
- Read the result, fix the source data or config, and re-run if needed.
What this check helps you catch
- Lightweight lint on pasted response headers: duplicates, Cache-Control, HSTS max-age, nosniff, charset hints. Does not connect to remote hosts.
- Limits called out in the description (what this tool does not verify — e.g. live network reachability, issuer databases, or strict schema contracts unless stated).
- Structural or syntax mistakes that would break parsers, serializers, or the next step in your workflow.
FAQ
- What does HTTP response headers lint do?
- Lightweight lint on pasted response headers: duplicates, Cache-Control, HSTS max-age, nosniff, charset hints. Does not connect to remote hosts. Use the form above, then see “How to use” and “What this check helps you catch” for behavior detail.
- Is this a substitute for server-side validation?
- No. Use it for manual checks and triage; production systems should still validate and authorize on the server.
- Where does processing happen?
- Most validators here run in your browser. If a tool calls an API, that is stated on the page. See the site privacy policy for data handling.