Start here
📋 Pre-Launch HTTP Checklist
20 HTTP checks before you ship. Security headers, CSP, CORS, cache, redirects, staging — every check with a direct link to the fix tool. State saves in your browser.
All HttpFixer Tools
Free browser-based developer tools. No signup, no backend, nothing leaves your browser.
Core tools — live URL scanning
HeadersFixer
Scan any URL for missing or misconfigured HTTP security headers. Get exact Nginx, Vercel, Cloudflare, Express config.
CORSFixer
Send a real OPTIONS preflight to your API endpoint. See exactly what headers are missing and get the fix for your framework.
OAuthFixer
Diagnose OAuth 2.0 errors — invalid_grant, redirect_uri_mismatch, PKCE failures. Provider-specific fixes for Auth0, Okta, Cognito, Google.
CSPFixer
Scan your live URL, find all blocked resources, and generate a working Content Security Policy. No unsafe-inline required.
EdgeFix
Audit Cache-Control, Vary, Age, X-Cache, ETag headers. Find why your CDN is not caching and get the fix for your stack.
SpeedFixer
Live PageSpeed Insights audit on your URL. Detects your stack and generates the exact Nginx/Vercel/Cloudflare config to fix each failing audit.
New tools — specialist utilities
Header Diff
Compare HTTP headers between two URLs side by side. Find what is missing in production that staging has, or vice versa.
Cache-Control Simulator
Paste any Cache-Control header value and see a visual timeline. Understand stale-while-revalidate, s-maxage, and stale-if-error instantly.
HSTS Preload Checker
Check if your domain is on the HSTS preload list built into browsers. See your HSTS header, requirements checklist, and how to get listed.
Generators — build from scratch
CSP Generator
Build a Content Security Policy by selecting your sources. Outputs header value and Nginx/Vercel config.
CORS Header Generator
Select origin, methods, and headers. Get Nginx, Express, and FastAPI CORS config in one click.
Security Headers Generator
Configure all 9 security headers. Outputs Nginx and Vercel config with safe defaults pre-selected.
Permissions-Policy Generator
Control camera, microphone, geolocation. Block unused browser features with copy-paste output.
More tools — validators & debuggers
CSP Validator
Validate a CSP string against the W3C spec. Flags unsafe-inline, missing directives, and syntax errors.
JWT Debugger
Decode and validate JSON Web Tokens. Flags none algorithm, missing expiry, expired tokens. Client-side only.
Security Headers Scorer
Score your security headers 0-100 with per-header breakdown and direct fix links for every issue.
Mixed Content Fixer
Find HTTP resources on your HTTPS page. Generates upgrade-insecure-requests CSP and stack-specific fix.
SSL Chain Visualizer
Visualize your SSL certificate trust chain and check cipher suite strength. Flags missing intermediates, weak ciphers, and TLS version issues.
Redirect Chain Fixer
Follow every redirect hop in real time. Detects loops, identifies your stack, generates the ERR_TOO_MANY_REDIRECTS fix.
Cache-Control Generator
Generate Cache-Control headers for any asset type with stack-specific Nginx, Vercel, Cloudflare, and Express config.