#cdn

Parse and build HTTP Cache-Control headers (RFC 9111). The parse endpoint turns a Cache-Control header into structured, named directives — public and private, no-store, no-cache, no-transform, max-age and s-maxage, must-revalidate and proxy-revalidate, immutable, stale-while-revalidate, stale-if-error, min-fresh and max-stale — together with a quick summary: whether the response is cacheable, whether it must be revalidated before use, its visibility (public or private) and its max-age in seconds. The build endpoint assembles a correct, canonically-ordered header from simple boolean and numeric fields, validating that the second-based directives are non-negative integers and quoting field-list forms of no-cache and private. Everything is computed locally and deterministically, so it is instant and private. Ideal for CDN and edge configuration, caching proxies and reverse proxies, API responses and static-asset tuning, and debugging why a response is (or is not) being cached. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This builds and parses the header string itself; it does not fetch a URL.

api.oanor.com/cachecontrol-api

Generate Subresource Integrity (SRI) hashes for any web asset, so browsers can verify that a CDN-hosted script or stylesheet has not been tampered with. Pass a URL and the service fetches the asset and returns its sha256, sha384 and sha512 SRI hashes, the chosen integrity value (sha384 by default, or pass your preferred algorithm), the asset's size and content type, and a ready-to-paste <script> or <link> tag complete with the integrity and crossorigin attributes. A verify endpoint re-fetches the asset and tells you whether it still matches a known integrity string — catching silent CDN changes or supply-chain tampering before your users hit them. The request is made server-side; private and internal targets are refused (SSRF-guarded). Built for securing third-party scripts, supply-chain hardening, build pipelines and CSP/SRI compliance. A Subresource Integrity generator and verifier — distinct from raw cryptographic hashing of input data (hash), the HTTP security-header grader (secheaders) and the SSL/TLS certificate check (sslcheck). No upstream key, no cache.

api.oanor.com/sri-api