HTTP Security Header Checker - Online HSTS, CSP, X-Frame Analysis
Paste response headers string and get a security audit. Check presence and configuration of key security headers. Local analysis.
UD5 Toolkit
Instantly analyze HTTP response headers of any URL to detect potential browser extension injected scripts or suspicious modifications.
| Header Name | Value |
|---|
X-Chrome-Extension, X-Firefox-Extension, or custom X-* headers added by privacy tools, ad blockers, or shopping assistants may indicate extension activity. We also flag unusual CSP directives that allow extension resources.Paste response headers string and get a security audit. Check presence and configuration of key security headers. Local analysis.
Browse Unicode by block: Latin, Cyrillic, CJK, Emoticons. See characters and copy with a click. Full reference.
See which fonts map to generic families (serif, sans‑serif, monospace) on different operating systems. A handy reference.
Check if the browser has captured the beforeinstallprompt event. Understand why your PWA is (or isn't) installable.
Paste your CSS and see warnings for properties that have limited browser support. Links to CanIUse. Modernize safely.
Check if a password appears in the Have I Been Pwned database using k‑Anonymity. Only the first 5 characters of the hash are sent.
Check which cipher suites a website supports and identify weak or outdated ones. Quick security audit from your browser.
Browse the built‑in styles that browsers apply to HTML elements. Understand why your page looks different. Static reference.
Enter an API URL and quickly check its HTTP status code and response time. See response headers and body. Browser fetch.
Type any character and see how it renders in different font stacks. Detect missing glyphs and fallback behavior.
Select a folder of images and start a full‑screen slideshow right in your browser. Adjust interval and transition. No upload.
See how many tabs you have open and estimate memory usage based on navigator object. Fun productivity check.
Generate a hash showing how trackers can fingerprint your browser (canvas, WebGL, fonts). Educational and privacy‑aware.
Enter a URL and get a one‑page report of titles, description, headings, image alts, and broken links. All from browser.
Enter a package name and version range to see all satisfying versions from the registry. Understand ^ and ~.
Check if an IBAN has the correct length and structure for its country. Early validation, no bank connection.
Drop an image that might have wrong extension and see its real format (JPEG, PNG, WebP) based on header bytes.
Enter a URL and see its favicon at all standard sizes. Check if it's properly defined. SEO basic check.
Trace the full redirect path of a URL. See every hop, status code, and final destination. Detect broken chains.
Paste your email body and subject, and get a spam score based on common trigger words and patterns. Improve your cold outreach.
Type a word to see all its homophones with definitions. Avoid embarrassing mistakes (their/there/they’re). Static dictionary.
Paste a raw cookie string and see a formatted key‑value table. Debug session cookies and understand flags. Runs in browser.
Enter a year to check if it is a leap year. Shows the rule explanation and next/previous leap years. Simple reference.
Find out if a word is an isogram (no repeating letters). Different types: first-order, second-order. Word nerd fun.
Check if a word or phrase is a palindrome (reads same forward and backward). Live validation and fun facts.
Record your screen, application window, or browser tab directly using the Screen Capture API. Download as WebM. All local.
Display a dynamic list of keyboard shortcuts for the current browser and operating system. Filter by category. Keep it open for reference.
Preview the Gravatar image associated with any email address. Generate the correct Gravatar URL. Handy for avatar debugging.
Check if a website is globally reachable or experiencing issues. Status code and latency displayed. Quick browser-side test.
Enter a URL and see the full HTTP response headers returned by the server. Detect redirects and server type. Useful for SEO and web debugging.