Orlixio

Web and HTTP

Debug HTTP headers

Headers often explain API failures faster than the body: content type, cache state, auth challenges, CORS, and cookies all live there.

Goal: Understand why a browser or API client handles a response differently than expected.

Workflow steps

  1. Step 1

    Copy raw headers

    Use browser DevTools, cURL, or server logs. Include the status line when available.

  2. Step 2

    Parse into structured JSON

    Use HTTP Headers Parser to make duplicate names, casing, and values easier to inspect.

  3. Step 3

    Check the high-signal headers

    Start with content-type, cache-control, location, set-cookie, authorization challenges, and CORS headers.

  4. Step 4

    Compare client behavior

    If cURL succeeds but the browser fails, inspect CORS, credentials, cookies, and mixed-content rules.

Real examples

Raw response headers

HTTP/2 200
content-type: application/json
cache-control: no-store
x-request-id: abc123

CORS clue

access-control-allow-origin: https://app.example.com

Common pitfalls

Looking only at the response body.

Forgetting that header names are case-insensitive.

Sharing cookies or Authorization headers unredacted.