About HttpFixer
HttpFixer is a free, browser-based suite of HTTP developer tools. We build fixers, not checkers — every tool ships the exact copy-paste config to resolve the issue, detected for your specific stack.
Our philosophy
What makes HttpFixer different
securityheaders.com tells you HSTS is missing. HeadersFixer tells you the exact add_header directive for your Nginx config, the Cloudflare Transform Rule, and the vercel.json entry — detected from your live URL's Server header.
Mozilla Observatory gives you a grade. HttpFixer gives you the config to change the grade. This is the fixer-not-checker philosophy applied to every tool in the suite.
The tools
| Tool | What it fixes |
|---|---|
| HeadersFixer | Missing or misconfigured HTTP security headers |
| CORSFixer | CORS preflight failures — live OPTIONS request to your API |
| OAuthFixer | OAuth 2.0 / OIDC errors — invalid_grant, redirect_uri_mismatch, PKCE |
| CSPFixer | Content Security Policy — scan live page, generate working policy |
| EdgeFix | Cache-Control, CDN, and edge caching misconfiguration |
| SpeedFixer | PageSpeed failures — live PSI audit with stack-specific config |
| Header Diff | Compare headers between two URLs — staging vs production |
| Cache Simulator | Visualise Cache-Control directive behaviour |
| HSTS Preload | Check preload list status and HSTS header requirements |
Part of MetricLogic
HttpFixer is part of the network of free developer diagnostic tools:
- ConfigClarity.dev — Server & DevOps audit tools (cron, SSL, Docker, firewall)
- DomainPreflight.dev — Domain & email authentication (DNS, DMARC, WHOIS)
- HttpFixer.dev — HTTP headers, CORS, CSP, OAuth (you are here)
Open source
All HttpFixer code is MIT licensed and public at github.com/metriclogic26/httpfixer. The moat is the live data fetch — not the code.