#http

Die kanonische MIME-/Medientyp-Datenbank (die jshttp mime-db, die von Express und dem Großteil des Node-Ökosystems verwendet wird: IANA + Apache + nginx), aus dem Speicher bereitgestellt — kein Key. Lösen Sie einen Medientyp in seine Dateierweiterungen, Zeichensatz und Komprimierbarkeit auf; suchen Sie den/die Medientyp(en) für eine Dateierweiterung (z. B. png → image/png); und listen oder durchsuchen Sie Typen nach Quelle. 2.600+ Medientypen, 1.000+ mit Dateierweiterungen. Schlankes, vorhersagbares JSON. Ideal für Upload-Validierung, Content-Type-Auflösung, Dateityperkennung, Download-Handler und Entwicklerwerkzeuge.

api.oanor.com/mimetypes-api

Construye encabezados de respuesta CORS correctos y evalúa solicitudes preflight — sin tener que releer la especificación cada vez. El endpoint de encabezados convierte una política simple (orígenes permitidos, métodos, encabezados de solicitud, si se permiten credenciales, una edad máxima de preflight y cualquier encabezado de respuesta expuesto) en el conjunto exacto de encabezados Access-Control-* a devolver, y maneja las partes que la gente suele equivocar: no se puede combinar un origen comodín con credenciales, por lo que refleja el origen de solicitud específico y agrega Vary: Origin; omite el encabezado allow-origin cuando un origen no está en su lista; y advierte cuando una configuración no se comportaría como se espera. El endpoint de verificación toma una solicitud entrante — su Origin, el método (solicitado) y Access-Control-Request-Headers — y le indica si pasaría CORS, la razón precisa si falla, y los encabezados de respuesta que debe enviar. Todo se calcula local y determinísticamente, por lo que es instantáneo y privado. Ideal para puertas de enlace API y backends, funciones edge y serverless, depuración de errores CORS del navegador y obtener una política de seguridad exacta. Cálculo puramente local — sin clave, sin servicio de terceros, instantáneo. En vivo, nada almacenado. 3 endpoints. Esto construye y verifica los encabezados; no realiza una solicitud de origen cruzado — para inspeccionar los encabezados de seguridad de un sitio en vivo, use una API de encabezados de seguridad.

api.oanor.com/cors-api

Find the real client IP behind proxies, CDNs and load balancers. The client endpoint takes an X-Forwarded-For list (or an RFC 7239 Forwarded header) together with a count of proxies you trust, and returns the actual client address — stripping the trusted proxies from the right-hand side so that a spoofed left-most value cannot fool you — along with the full ordered hop chain, the left-most and right-most entries and the address family. The parse endpoint decomposes a Forwarded header into its for/by/host/proto hops, or an X-Forwarded-For header into its ordered list of addresses, stripping ports and IPv6 brackets so you get clean IPs. Getting this right matters for security: trusting the wrong entry lets clients spoof their IP, so the trusted-proxy model returns the first address you did not put there yourself. Everything is computed locally and deterministically, so it is instant and private. Ideal for reverse proxies and API gateways, rate limiting and abuse prevention, audit logging and analytics, geo and fraud checks, and any backend sitting behind a load balancer. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This parses forwarding headers to find the client IP; to geolocate that IP use an IP-geolocation API.

api.oanor.com/clientip-api

解析和构建 HTTP Content-Disposition 标头（RFC 6266，含 RFC 5987 filename* 编码）。parse 端点将标头解析为其处置类型（attachment、inline 或 form-data）、文件名——正确解码扩展的 filename*=UTF-8''… 形式，并严格按照规范优先于普通文件名——以及 form-data 字段名和任何剩余参数。build 端点从简单字段组装正确的标头，当文件名包含非 ASCII 字符（重音、表情符号、中日韩文字）时，自动发出 ASCII 回退文件名和百分号编码的 filename*，以便每个浏览器显示正确的下载名称，同时旧客户端仍能工作。所有计算均在本地确定性地完成，因此即时且私密——从不获取或存储任何文件。非常适合文件下载和上传端点、对象存储和 CDN、内容网关和代理、电子邮件和多部分处理，以及调试下载命名错误的问题。纯本地计算——无需密钥，无需第三方服务，即时。实时，不存储任何内容。3 个端点。此 API 构建和解析标头字符串本身；不提供文件服务。

api.oanor.com/contentdisposition-api

Analizza e costruisce intestazioni HTTP Cache-Control (RFC 9111). L'endpoint di analisi trasforma un'intestazione Cache-Control in direttive strutturate e nominate — public e private, no-store, no-cache, no-transform, max-age e s-maxage, must-revalidate e proxy-revalidate, immutable, stale-while-revalidate, stale-if-error, min-fresh e max-stale — insieme a un rapido riepilogo: se la risposta è memorizzabile nella cache, se deve essere convalidata prima dell'uso, la sua visibilità (public o private) e la sua max-age in secondi. L'endpoint di costruzione assembla un'intestazione corretta e ordinata canonicamente da campi booleani e numerici semplici, convalidando che le direttive basate su secondi siano interi non negativi e citando le forme field-list di no-cache e private. Tutto viene calcolato localmente e deterministicamente, quindi è istantaneo e privato. Ideale per configurazioni CDN e edge, proxy di caching e proxy inversi, risposte API e ottimizzazione di asset statici, e debug del motivo per cui una risposta viene (o non viene) memorizzata nella cache. Puro calcolo locale — nessuna chiave, nessun servizio di terze parti, istantaneo. Live, nulla viene memorizzato. 3 endpoint. Questo costruisce e analizza la stringa dell'intestazione stessa; non recupera un URL.

api.oanor.com/cachecontrol-api

Parse and build RFC 8288 HTTP Link headers (Web Linking). The parse endpoint turns a Link header into a structured list — each link with its URI, its rel relation(s) and any target attributes (title, type, hreflang, media, anchor) — and also returns a handy rel→uri map, so you can grab the next, prev, first and last URLs for API pagination in a single step. It correctly handles the awkward parts: multiple comma-separated links, commas inside angle-bracketed URIs, quoted parameter values, multiple space-separated rel tokens, and RFC 8187 extended values. The build endpoint assembles a correct Link header from one or more link objects (or a single uri + rel with optional attributes), quoting values only where required. Everything is computed locally and deterministically, so it is instant and private. Ideal for paginated REST APIs and clients, hypermedia and HATEOAS, HTTP preload/prefetch hints, feed and alternate-format discovery, proxies and gateways. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This builds and parses the Link header string itself; it does not fetch a URL.

api.oanor.com/linkheader-api

HTTP content negotiation as an API. The parse endpoint reads an Accept, Accept-Language, Accept-Encoding or Accept-Charset header — with quality (q) values and parameters — into a clean list ranked by the client's preference. The negotiate endpoint takes that header plus the list of values your server can actually serve and returns the single best match, along with the full ranked result and the entry that matched each candidate. It applies the correct rules for each kind: media-type type and subtype wildcards (text/*, */*), RFC 4647 language-range matching (a request for en matches your en-US, and en-US falls back to en), and exact matching with a * wildcard for encodings and charsets — and a q=0 entry correctly rejects a value. Everything runs locally and deterministically, so it is instant and private. Ideal for i18n middleware and locale selection, API versioning by media type, response-format and compression selection, CDNs, proxies and edge functions. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This negotiates HTTP headers; to validate or decompose a single BCP-47 language tag use a BCP-47 API.

api.oanor.com/negotiate-api

Parse and build HTTP cookies. The parse endpoint reads a Set-Cookie header into its name, value and structured attributes — Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite, Priority and Partitioned — or, with mode=cookie, splits a request Cookie header like "a=1; b=2; c=3" into an ordered list and a name→value map. The serialize endpoint builds a correct Set-Cookie string from simple fields, with sensible defaults (Path=/), proper date formatting for Expires, optional URL-encoding of the value, and validation of the cookie name, the date and the enum attributes — and it automatically adds Secure when SameSite=None, as browsers require. Everything is computed locally and deterministically, so it is instant and private. Ideal for web frameworks and middleware, API debugging and proxies, session and consent tooling, testing and security review. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This parses and builds cookie strings; it does not fetch a URL — to inspect a live site's response headers use a security-headers or HTTP API.

api.oanor.com/cookie-api

Cada código de estado HTTP como una API. Busque cualquier código (p. ej., 404, 429, 503) y obtenga su frase de razón estándar, su clase (1xx Informativo, 2xx Éxito, 3xx Redirección, 4xx Error del Cliente, 5xx Error del Servidor), una descripción en inglés sencillo, la RFC que lo define, y banderas útiles para saber si es un error y si es comúnmente seguro reintentar (408, 425, 429, 500, 502, 503, 504). Liste cada código asignado o filtre por clase, y enumere las cinco clases de estado. Perfecto para clientes y pasarelas de API, páginas de error, paneles de registro y monitoreo, documentación y enseñanza. Cálculo puramente local — sin clave, sin servicio de terceros, instantáneo. En vivo, nada almacenado. 4 endpoints. Distinto de los verificadores de host/tiempo de actividad que reportan un estado en vivo — este es el diccionario de referencia de los códigos en sí.

api.oanor.com/httpstatus-api

Fetch any URL and analyse its HTTP response security headers — grading the site A+ to F the way securityheaders.com and Mozilla Observatory do. Pass a URL and the service makes the request server-side (following redirects), then reports which protective headers are present, which are missing (with concrete remediation advice) and which response headers leak information. Graded headers include Strict-Transport-Security (HSTS), Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy and Cross-Origin-Opener-Policy; information-leak headers include Server and X-Powered-By. A companion endpoint returns every raw response header. Private and internal targets are refused (SSRF-guarded). Built for security audits, CI/CD security gates, attack-surface reviews and compliance checks. A security-header grader — distinct from the SSL/TLS certificate check (sslcheck), host reachability (hostcheck), the IANA HTTP status-code reference (http) and the on-page SEO audit (seo). No upstream key, no cache.

api.oanor.com/secheaders-api

Eine saubere, programmatische Referenz für HTTP-Semantik, basierend auf den offiziellen IANA-Registern. Schlagen Sie jeden Statuscode mit seiner Begründung und Klasse nach (404 → Not Found, Client Error; 503 → Service Unavailable, Server Error), listen Sie eine ganze Klasse auf (4xx, 5xx…); schlagen Sie jede Methode mit ihren safe/idempotent-Flags nach (GET → safe + idempotent, POST → keines, DELETE → idempotent); oder schlagen Sie die 255 registrierten HTTP-Header-Felder (Content-Type, Authorization, …) mit ihrem Registrierungsstatus nach oder durchsuchen Sie sie. Ideal für API-Tooling, HTTP-Clients, Dokumentation, Linter, Lernressourcen und Fehlerseiten.

api.oanor.com/http-api