Analyze any website's HTTP response headers for security misconfigurations. Check HSTS, CSP, cookie flags, server disclosure, and more.
| Header | Value |
|---|
curl -s -X POST https://nopii.xyz/v1/headers/inspect \ -H "Content-Type: application/json" \ -d '{"url":"https://google.com"}'
No API key required. Rate limited to 15 requests/day per IP.