HTTP

Generate sitemap XML from same-host URLs or paths, with lastmod handling, crawl-hint controls, dedupe review, and protocol limit checks.

Generate a web app manifest with install markup, icon asset checks, and warnings for launch scope, display mode, colors, and shortcuts.

Generate an Apache .htaccess draft from presets and ordered rule sections, then review warnings, counts, and saved JSON before staging changes.

Check ACME HTTP-01 retry readiness with route, redirect, body-match, IPv6, cache, CDN/WAF, and backend consistency evidence for retries.

Measure API error-budget burn from status counts or access-log snippets, with SLO projections, status-code policy checks, and burn guardrails.

Calculate an API pagination window from item counts, page caps, rate limits, latency, and workers, with shard timing and page-size tradeoff charts.

Check a public page for ad-network tags, ads.txt seller alignment, confidence scores, fetch warnings, charts, and prioritized follow-up actions.

Check alternative DCV proofs before a certificate order retry, comparing DNS, CNAME, HTTP, HTTPS, CSR hashes, tokens, and resolver evidence.

Generate an Apache vhost draft for static, PHP-FPM, or proxy sites, with TLS settings, required modules, warnings, and activation checks.

Test an HTTP API directly from your browser, import cURL commands, inspect CORS-blocked failures, and save clean response traces.

Estimate CDN cache-hit savings from traffic, cacheable share, origin rates, CDN charges, payback, and break-even hit-rate checks.

Check CORS response headers against origin, credential, cache, exposed-header, and private-network assumptions with scored risks and fixes.

Draft a Content Security Policy header with nonce, hash, or allowlist script controls, reporting headers, directive review, and rollout warnings.

Check a Content-Security-Policy header for risky script rules, missing baseline directives, reporting gaps, and rollout fixes before enforcement.

Estimate cache hit rate from request reuse, TTL behavior, purge loss, and hit-versus-miss latency, then compare target TTL and freshness risk.

Check HTTP compression evidence for a URL or pasted headers, including gzip/Brotli selection, cache variation, and byte-savings risk.

Build an HAProxy backend block from server rows, health checks, balance mode, TLS choices, persistence, and review notes before copying.

Generate an HTML starter document with title, language, metadata, asset paths, warnings, and copy-ready head or full-page markup.

Analyze NGINX, Apache, or ALB access logs in your browser, compare endpoint P95/P99 and 5xx signals, and export SLA findings.

Review pasted HTTP response headers for HSTS, CSP, cookies, CORS, cache, and disclosure risks with scoring and remediation cues.

Build hreflang clusters from locale URL rows, then copy head tags, sitemap XML, or HTTP headers with audits for self-reference and x-default.

Check a live HTTP URL for response headers, redirect drift, cache rules, cookie flags, CORS exposure, and prioritized hardening fixes.

Trace an HTTP redirect chain hop by hop, compare status, security, latency, host handoffs, loop signals, and copy a replayable cURL command.

Generate JSON-LD structured data for Article, Product, Organization, and FAQ pages with visible-content checks and copy-ready markup.

Calculate load balancer pool capacity from backend RPS, weights, health, utilization, growth, and N+ reserve with bottleneck cues.

Generate search and social meta tags from page details, with canonical URL checks, robots warnings, preview image validation, and copy-ready markup.

Audit an NGINX proxy block for forwarded-header gaps, trust-boundary risks, WebSocket handling, timeout mismatch, and prioritized fixes.

Generate an NGINX server block for static, PHP-FPM, or proxy hosting with TLS redirects, upstream options, warnings, and deployment checks.

Compare registered OAuth redirect URIs with observed requests, then flag exact-match drift, wildcard scope, fragments, and open-redirect clues.

Build Open Graph and X card meta tags from page details, preview images, article data, and crawler warnings before copying head markup.

Preview social share cards from pasted HTML or a public URL, then review Open Graph, X card, image, canonical, and crawler warnings.

Check OpenAPI operation coverage against test evidence, spot missing or unmatched routes, and turn release-gate gaps into an owner-ready queue.

Check proxy and CDN header evidence from pasted logs or a live request, trace forwarded IP chains, and flag spoofing or trust-hop risks.

Plan a rate-limit retry schedule with Retry-After floors, jitter windows, pacing math, timeout checks, and shared-client safety notes.

Build a robots.txt file from crawler sections, path rules, sitemap hints, and imports, then review crawl-policy warnings before publishing.

Check Set-Cookie headers for SameSite delivery, Secure pairing, prefix rules, and flow risks before SSO, payments, or embeds fail.

Extract sitemap URLs from pasted XML, text files, or a public URL with filters, duplicate checks, source evidence, audit warnings, and exports.

Estimate TLS handshake CPU load from request rate, connection reuse, full versus resumed costs, surge peaks, core budgets, charts, and warnings.

Check a suspicious URL against Safe Browsing, SURBL, and local risk signals, then review scope-aware verdicts and follow-up links.

Encode or decode URL text by context in your browser, inspect percent escapes and plus-space rules, and catch round-trip issues before copying.

Parse a URL or query string into components, query rows, encoding notes, masked sensitive values, a length profile, and a rebuilt review link.

Build a GA4 UTM campaign URL with required source, medium, and campaign labels, existing-tag cleanup, channel hints, and hygiene checks.

Decode percent-encoded URLs or text, inspect query pairs and character bytes, clean tracker parameters, and preview JSON or Base64 payloads.

Percent-encode URL components, full links, form values, and paths, then audit escapes with a character map and QR-ready handoff.

Parse a User-Agent string or request header into browser, OS, device, bot, token, and Client Hints evidence for support or log review.

Check a public URL's visible web server, CDN, or proxy using HTTP headers, redirect hops, confidence scores, and origin-hint clues.

Size a WebSocket pool from sockets, memory, bandwidth, descriptors, and N+ reserve, with bottleneck rows and node gaps.

Build a wget command for downloads, API fetches, FTP pulls, or site mirrors with shell-aware quoting, import parsing, exports, and safety warnings.

Identify your current browser, storage, graphics, privacy, and compatibility signals with share-ready support notes and exposure warnings.

Build a shell-ready curl command from URL, method, headers, auth, body, retries, and timeouts with quoting, import parsing, and warnings.