HTTP Header Diff

Compare request and response headers side by side

Paste two raw HTTP header blocks to spot added, removed, and changed values instantly. Great for debugging proxy issues, CDN behavior, auth differences, and staging-vs-production drift.

Left headers

Current request, response, or production headers

0 headers

Right headers

New request, response, or staging headers

0 headers

Added

0

Removed

0

Changed

0

Unchanged

0

Header diff

Header names are normalized case-insensitively and sorted alphabetically.

Paste HTTP headers or load the sample to start comparing.

Parsing notes

Left block

Duplicates: 0 · Invalid lines: 0

Right block

Duplicates: 0 · Invalid lines: 0

Good for

  • Comparing CDN, proxy, or cache headers between environments
  • Checking auth and CORS headers before and after a config change
  • Reviewing request headers captured from devtools, curl, or logs

About HTTP Header Diff

The HTTP Header Diff tool lets you compare two raw HTTP header blocks side by side and instantly see every header that was added, removed, or changed between them. It runs entirely in your browser — no data is sent to any server.

  • Color-coded diff: green for added headers, red for removed headers, amber for changed values.
  • Case-insensitive header name comparison — Content-Type and content-type are treated as the same header.
  • Duplicate header detection highlights headers that appear more than once in a single block.
  • Malformed line validation flags entries that don't follow the Name: Value format.
  • Filterable results table — isolate changed, added, or removed headers to focus your review.
  • One-click copy exports the filtered diff as plain text for PR descriptions or incident notes.

How to Compare HTTP Headers Online

  1. 1

    Capture your baseline headers

    Copy headers from your browser DevTools Network tab, a curl -I response, a proxy log, or any HTTP client output.

  2. 2

    Paste the baseline into the Left panel

    This is typically your current production, pre-deploy, or known-good header block.

  3. 3

    Paste the new headers into the Right panel

    Use the updated, staging, or post-deploy headers you want to compare against the baseline.

  4. 4

    Review the Header Diff table

    The diff runs automatically and sorts headers alphabetically. Use the filter to show only changed, added, or removed rows.

  5. 5

    Check Parsing Notes for warnings

    The sidebar shows duplicate headers and malformed lines so you can fix them before the next deploy.

  6. 6

    Copy the filtered report

    Click "Copy filtered report" to export the diff as plain text and paste it into an incident report, PR, or Slack thread.

Tip: Enable "Hide unchanged" to cut through noise and focus only on headers that actually differ between the two blocks.

Common Use Cases

CDN & Proxy Debugging

  • • Compare headers before and after traffic passes through a CDN or reverse proxy.
  • • Verify that Cache-Control, X-Cache, and Vary headers are set correctly.
  • • Detect headers being stripped or injected unexpectedly by middleware.

CORS Configuration Review

  • • Diff Access-Control-Allow-Origin and related headers across environments.
  • • Confirm preflight response headers match your frontend's expectations.
  • • Spot missing or overly permissive CORS headers before going live.

Auth & Security Headers Audit

  • • Compare Authorization, WWW-Authenticate, and token headers between requests.
  • • Verify security headers like Strict-Transport-Security, X-Frame-Options, and Content-Security-Policy are present.
  • • Catch header regressions introduced by a config or middleware change.

API Development & Testing

  • • Compare request headers sent by different API clients or SDK versions.
  • • Verify that custom headers like X-Request-Id or X-Api-Version are forwarded correctly.
  • • Debug header-based routing rules in API gateways.

Staging vs. Production Drift

  • • Identify headers that differ between your staging and production servers.
  • • Ensure feature flags and environment identifiers are set correctly per environment.
  • • Document header changes as part of your release checklist.

Incident Investigation

  • • Compare headers captured before and during an outage or degraded service.
  • • Quickly identify which headers changed after a deploy that caused a regression.
  • • Export the diff report and include it in your post-mortem or incident ticket.

Frequently Asked Questions

Is my data safe? Are my headers sent to a server?

No. All processing happens entirely in your browser using JavaScript. Your HTTP headers — including any authorization tokens or session cookies they may contain — are never uploaded, logged, or stored anywhere.

What header format does the tool accept?

The tool accepts standard HTTP header format: one Name: Value pair per line, as produced by browser DevTools, curl -I, Postman, or any HTTP proxy. The first line can optionally be an HTTP status line (e.g. HTTP/1.1 200 OK) — it will be flagged as invalid and skipped.

Are header name comparisons case-sensitive?

No. Header names are normalized to lowercase before comparison, following the HTTP/1.1 and HTTP/2 specifications. So Content-Type, content-type, and CONTENT-TYPE are all treated as the same header.

What counts as a duplicate header?

If the same header name (case-insensitively) appears more than once in a single block, it is flagged as a duplicate. While some headers like Set-Cookie are legitimately repeated, duplicates in most headers indicate a misconfiguration that can cause unpredictable behavior.

What is an invalid line?

A line that is not empty and doesn't follow the Name: Value pattern is flagged as invalid. Common causes include HTTP status lines, continuation lines, or copy-paste artifacts from a terminal or log file.

How do I get headers to paste into this tool?

In Chrome or Firefox DevTools, open the Network tab, select a request, and copy the request or response headers from the Headers panel. You can also use curl -sI https://example.com in a terminal, or export headers from Postman, Insomnia, or any HTTP proxy like Charles or mitmproxy.

Can I compare request headers and response headers together?

Yes — the tool doesn't distinguish between request and response headers. You can paste any two raw header blocks and it will diff them. Just be consistent: compare request-to-request or response-to-response for the most meaningful results.

How is this different from using diff in a terminal?

The Unix diff command is line-order-sensitive. This tool performs a semantic diff keyed on header names, so reordering headers between requests doesn't produce false positives. It also normalizes casing and surfaces duplicate or malformed entries automatically.