#headers

Construye encabezados de respuesta CORS correctos y evalúa solicitudes preflight — sin tener que releer la especificación cada vez. El endpoint de encabezados convierte una política simple (orígenes permitidos, métodos, encabezados de solicitud, si se permiten credenciales, una edad máxima de preflight y cualquier encabezado de respuesta expuesto) en el conjunto exacto de encabezados Access-Control-* a devolver, y maneja las partes que la gente suele equivocar: no se puede combinar un origen comodín con credenciales, por lo que refleja el origen de solicitud específico y agrega Vary: Origin; omite el encabezado allow-origin cuando un origen no está en su lista; y advierte cuando una configuración no se comportaría como se espera. El endpoint de verificación toma una solicitud entrante — su Origin, el método (solicitado) y Access-Control-Request-Headers — y le indica si pasaría CORS, la razón precisa si falla, y los encabezados de respuesta que debe enviar. Todo se calcula local y determinísticamente, por lo que es instantáneo y privado. Ideal para puertas de enlace API y backends, funciones edge y serverless, depuración de errores CORS del navegador y obtener una política de seguridad exacta. Cálculo puramente local — sin clave, sin servicio de terceros, instantáneo. En vivo, nada almacenado. 3 endpoints. Esto construye y verifica los encabezados; no realiza una solicitud de origen cruzado — para inspeccionar los encabezados de seguridad de un sitio en vivo, use una API de encabezados de seguridad.

api.oanor.com/cors-api

解析和构建 HTTP Content-Disposition 标头（RFC 6266，含 RFC 5987 filename* 编码）。parse 端点将标头解析为其处置类型（attachment、inline 或 form-data）、文件名——正确解码扩展的 filename*=UTF-8''… 形式，并严格按照规范优先于普通文件名——以及 form-data 字段名和任何剩余参数。build 端点从简单字段组装正确的标头，当文件名包含非 ASCII 字符（重音、表情符号、中日韩文字）时，自动发出 ASCII 回退文件名和百分号编码的 filename*，以便每个浏览器显示正确的下载名称，同时旧客户端仍能工作。所有计算均在本地确定性地完成，因此即时且私密——从不获取或存储任何文件。非常适合文件下载和上传端点、对象存储和 CDN、内容网关和代理、电子邮件和多部分处理，以及调试下载命名错误的问题。纯本地计算——无需密钥，无需第三方服务，即时。实时，不存储任何内容。3 个端点。此 API 构建和解析标头字符串本身；不提供文件服务。

api.oanor.com/contentdisposition-api

Analizza e costruisce intestazioni HTTP Cache-Control (RFC 9111). L'endpoint di analisi trasforma un'intestazione Cache-Control in direttive strutturate e nominate — public e private, no-store, no-cache, no-transform, max-age e s-maxage, must-revalidate e proxy-revalidate, immutable, stale-while-revalidate, stale-if-error, min-fresh e max-stale — insieme a un rapido riepilogo: se la risposta è memorizzabile nella cache, se deve essere convalidata prima dell'uso, la sua visibilità (public o private) e la sua max-age in secondi. L'endpoint di costruzione assembla un'intestazione corretta e ordinata canonicamente da campi booleani e numerici semplici, convalidando che le direttive basate su secondi siano interi non negativi e citando le forme field-list di no-cache e private. Tutto viene calcolato localmente e deterministicamente, quindi è istantaneo e privato. Ideale per configurazioni CDN e edge, proxy di caching e proxy inversi, risposte API e ottimizzazione di asset statici, e debug del motivo per cui una risposta viene (o non viene) memorizzata nella cache. Puro calcolo locale — nessuna chiave, nessun servizio di terze parti, istantaneo. Live, nulla viene memorizzato. 3 endpoint. Questo costruisce e analizza la stringa dell'intestazione stessa; non recupera un URL.

api.oanor.com/cachecontrol-api

Parse and build RFC 8288 HTTP Link headers (Web Linking). The parse endpoint turns a Link header into a structured list — each link with its URI, its rel relation(s) and any target attributes (title, type, hreflang, media, anchor) — and also returns a handy rel→uri map, so you can grab the next, prev, first and last URLs for API pagination in a single step. It correctly handles the awkward parts: multiple comma-separated links, commas inside angle-bracketed URIs, quoted parameter values, multiple space-separated rel tokens, and RFC 8187 extended values. The build endpoint assembles a correct Link header from one or more link objects (or a single uri + rel with optional attributes), quoting values only where required. Everything is computed locally and deterministically, so it is instant and private. Ideal for paginated REST APIs and clients, hypermedia and HATEOAS, HTTP preload/prefetch hints, feed and alternate-format discovery, proxies and gateways. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This builds and parses the Link header string itself; it does not fetch a URL.

api.oanor.com/linkheader-api

HTTP content negotiation as an API. The parse endpoint reads an Accept, Accept-Language, Accept-Encoding or Accept-Charset header — with quality (q) values and parameters — into a clean list ranked by the client's preference. The negotiate endpoint takes that header plus the list of values your server can actually serve and returns the single best match, along with the full ranked result and the entry that matched each candidate. It applies the correct rules for each kind: media-type type and subtype wildcards (text/*, */*), RFC 4647 language-range matching (a request for en matches your en-US, and en-US falls back to en), and exact matching with a * wildcard for encodings and charsets — and a q=0 entry correctly rejects a value. Everything runs locally and deterministically, so it is instant and private. Ideal for i18n middleware and locale selection, API versioning by media type, response-format and compression selection, CDNs, proxies and edge functions. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This negotiates HTTP headers; to validate or decompose a single BCP-47 language tag use a BCP-47 API.

api.oanor.com/negotiate-api

Parse and build HTTP cookies. The parse endpoint reads a Set-Cookie header into its name, value and structured attributes — Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite, Priority and Partitioned — or, with mode=cookie, splits a request Cookie header like "a=1; b=2; c=3" into an ordered list and a name→value map. The serialize endpoint builds a correct Set-Cookie string from simple fields, with sensible defaults (Path=/), proper date formatting for Expires, optional URL-encoding of the value, and validation of the cookie name, the date and the enum attributes — and it automatically adds Secure when SameSite=None, as browsers require. Everything is computed locally and deterministically, so it is instant and private. Ideal for web frameworks and middleware, API debugging and proxies, session and consent tooling, testing and security review. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This parses and builds cookie strings; it does not fetch a URL — to inspect a live site's response headers use a security-headers or HTTP API.

api.oanor.com/cookie-api

Eine saubere, programmatische Referenz für HTTP-Semantik, basierend auf den offiziellen IANA-Registern. Schlagen Sie jeden Statuscode mit seiner Begründung und Klasse nach (404 → Not Found, Client Error; 503 → Service Unavailable, Server Error), listen Sie eine ganze Klasse auf (4xx, 5xx…); schlagen Sie jede Methode mit ihren safe/idempotent-Flags nach (GET → safe + idempotent, POST → keines, DELETE → idempotent); oder schlagen Sie die 255 registrierten HTTP-Header-Felder (Content-Type, Authorization, …) mit ihrem Registrierungsstatus nach oder durchsuchen Sie sie. Ideal für API-Tooling, HTTP-Clients, Dokumentation, Linter, Lernressourcen und Fehlerseiten.

api.oanor.com/http-api