Free security tools: security headers analyzer, JWT auditor, CORS tester, TLS checker, OWASP API checklist, AI threat model generator. Client-side and AI-powered.
The Security Tools hub at HTTPStatus.com provides 30 free tools for developers and security engineers: client-side analyzers for HTTP security headers, JWT, CORS, CSP, cookies, and TLS, plus AI-powered auditors for auth flows, threat modeling, and code review. All client-side tools run in your browser so sensitive data never leaves your device. Use them to audit APIs, fix misconfigurations, and meet OWASP and compliance requirements.
Yes. All 30 tools are free to use. Client-side tools have no usage limits; AI-powered tools run on our server.
Client-side tools (headers, JWT, CORS, CSP, cookies, etc.) run entirely in your browser—nothing is uploaded. TLS checker, CT logs, and redirect audit send only the URL or domain you enter. AI tools send your input to our backend for analysis.
Client-side tools parse and analyze input locally (e.g. decode JWT, score headers). AI tools use our backend to generate explanations, threat models, or code reviews; they run on our server.
TLS checker, CT logs, and Redirect auditor require a URL or domain. Headers analyzer, JWT auditor, CSP builder, and most others accept pasted content (headers, token, policy, etc.).