Skip to content

metriclogic26/httpfixer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

285 Commits
.wrangler/cache
.wrangler/cache
 
 
about
about
 
 
blog
blog
 
 
case-studies
case-studies
 
 
changelog
changelog
 
 
cookies
cookies
 
 
cors
cors
 
 
csp
csp
 
 
diff
diff
 
 
edge
edge
 
 
error
error
 
 
errors
errors
 
 
fix
fix
 
 
generators
generators
 
 
glossary
glossary
 
 
learn
learn
 
 
oauth
oauth
 
 
privacy
privacy
 
 
providers
providers
 
 
speedfixer
speedfixer
 
 
ssl-chain
ssl-chain
 
 
tools
tools
 
 
vs
vs
 
 
webhook
webhook
 
 
.gitignore
.gitignore
 
 
404.html
404.html
 
 
README.md
README.md
 
 
cloudflare-worker.js
cloudflare-worker.js
 
 
favicon.svg
favicon.svg
 
 
httpfixer2026.txt
httpfixer2026.txt
 
 
index.html
index.html
 
 
llms.txt
llms.txt
 
 
og-image.svg
og-image.svg
 
 
robots.txt
robots.txt
 
 
sitemap.xml
sitemap.xml
 
 
speedfixer-worker.js
speedfixer-worker.js
 
 
vercel.json
vercel.json
 
 
worker.js
worker.js
 
 
wrangler-headers.toml
wrangler-headers.toml
 
 
wrangler.toml
wrangler.toml
 
 

Repository files navigation

HttpFixer

Paste your URL. Get the exact config to fix it.

Free, browser-based web app security and performance fixers. No login. No backend. No tracking. Everything runs in your browser.

httpfixer.dev →

What it does

Paste your URL. HttpFixer:

  • Fetches your live HTTP headers and detects your stack automatically
  • Audits security headers, CORS config, CSP, caching, and PageSpeed
  • Generates the exact Nginx / Cloudflare / Vercel / Express config to paste
  • No generic advice — fixes are specific to your detected stack

Tools

Tool What it fixes
HeadersFixer Missing HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, COEP
CORSFixer Wrong wildcard, missing preflight handler, credentials misconfiguration
OAuthFixer PKCE misconfiguration, redirect_uri mismatch, invalid_grant errors
CSPFixer Generates working CSP from your page's actual resources
EdgeFix Cache-Control, Vary, Age, X-Cache misconfigurations. Accidentally cached auth responses.
SpeedFixer Live PageSpeed audit results → exact server config to fix each failing audit
WebhookFix Stripe webhook 401 / signature verification failed → complete handler for Next.js, Express, Fastify. Covers raw body, bodyParser config, and auth middleware exclusion.

How it works

  1. Enter your URL
  2. HttpFixer fetches your live headers and detects your stack from the Server: header
  3. Get the exact config block for your stack with a one-click copy button

ChatGPT cannot fetch your live headers. That's the moat.

Supported stacks

Nginx · Apache · Cloudflare · Vercel · Netlify · Express · Caddy · Next.js · FastAPI · Django · WordPress · and more via manual selection

Architecture

No backend. No build step. No npm install.

Two Cloudflare Workers handle CORS and PSI API proxying:

  • headers-proxy — CORS proxy for live header fetching (HeadersFixer, CORSFixer, CSPFixer, EdgeFix)
  • speedfixer-proxy — Google PageSpeed Insights API proxy with rate limiting (SpeedFixer)

Everything else runs client-side in vanilla HTML, CSS, and JavaScript.

Local development

git clone https://github.com/metriclogic26/httpfixer
cd httpfixer
python3 -m http.server 8080
# open http://localhost:8080

No dependencies. Open the HTML files directly.

Fix pages

Step-by-step fix guides for common errors:

Alternatives

Looking for a securityheaders.com, Mozilla Observatory, GTmetrix, Lighthouse, CORS Anywhere, or MXToolbox replacement? See httpfixer.dev/vs/

License

MIT — use it, fork it, build on it. The moat is the live fetch, not the code.

About

webfix-pearl.vercel.app

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 — Initial release Latest
Apr 5, 2026

Packages

 
 
 

Contributors

Languages