Privacy Policy & Terms of Use

Last updated: April 3, 2026 · Applies to httpfixer.dev

 Short version: HttpFixer collects no personal data, runs entirely in your browser, and has no backend server. Your URLs, configs, and credentials never leave your device. 

1. What We Collect

Nothing. HttpFixer does not collect, store, or transmit any personal information. Specifically:

No account registration or login required
No cookies set by HttpFixer (third-party fonts may set cookies)
No analytics tracking on individual users
No server logs containing your IP address or browsing behavior
No data submitted to any HttpFixer backend — because there is no backend

2. How the Tools Work

All HttpFixer tools run entirely in your browser using client-side JavaScript:

HeadersFixer, CORSFixer, CSPFixer, EdgeFix, SpeedFixer — fetch data directly from the URL you provide, from your browser. The response is processed locally and never sent to our servers.
OAuthFixer — processes your OAuth error codes locally. No OAuth tokens or credentials are transmitted to HttpFixer.
Generator pages — all config generation happens in-browser JavaScript. No data is sent anywhere.

The only network requests made are:

From your browser to the URL you provide (to fetch headers)
From our Cloudflare Workers proxy — stateless, discards requests immediately, logs nothing
To Google PageSpeed Insights API (SpeedFixer only) — subject to Google's privacy policy

3. Third-Party Services

HttpFixer uses the following third-party services:

Vercel — static site hosting. Vercel may log request metadata (IP address, user agent) per their privacy policy at vercel.com/legal/privacy-policy
Cloudflare — DNS, CDN, and Workers proxy. Subject to Cloudflare's privacy policy
Google Fonts — JetBrains Mono font. Google may log font requests per their privacy policy
Google PageSpeed Insights API — used by SpeedFixer to fetch audit data. Subject to Google's API terms

HttpFixer has no affiliation with these services beyond standard usage. We do not share user data with them — we simply use their infrastructure.

4. Affiliate Links

Some tool result pages include affiliate links to hosting providers (Cloudflare, Hetzner, DigitalOcean, Vercel, WP Rocket). If you click these links and make a purchase, HttpFixer may earn a commission at no cost to you. Affiliate links are clearly associated with the fix action they relate to and are never placed deceptively.

5. Open Source

HttpFixer is MIT licensed. All tool code is public at github.com/metriclogic26/httpfixer. You can verify exactly what the tools do by reading the source code.

6. Terms of Use

By using HttpFixer, you agree to the following:

You will only scan URLs and configurations that you own or have explicit permission to test
You will not use HttpFixer to scan systems without authorization
HttpFixer provides configurations for informational purposes only — always test in a staging environment before deploying to production
HttpFixer accepts no liability for misconfiguration, data loss, security incidents, or downtime resulting from configurations generated by these tools

7. Disclaimer

Configurations generated by HttpFixer are based on open standards (OWASP, RFC, MDN, schema.org). They are provided as informational starting points, not guarantees. HttpFixer does not claim that its output will make your site GDPR compliant, PCI DSS certified, or free from security vulnerabilities. Always verify manually and consult a security professional for production systems handling sensitive data.

8. Changes to This Policy

If this policy changes materially, the "Last updated" date above will be updated. Since we collect no data, most changes will be clarifications rather than substantive policy shifts.

9. Contact

Questions about this policy: open an issue at github.com/metriclogic26/httpfixer/issues. We do not have a support email — GitHub issues are the best way to reach us.