CLI
Same engine, runs on your machine. No rate limits.
Install via Homebrew
$ brew install yokedotlol/tap/xhttp
Or via script
$ curl -sSL xhttp.lol/install.sh | bash
Usage
# Full scan
$ xhttp example.com
# Sub-commands
$ xhttp cors example.com
$ xhttp headers example.com
$ xhttp csp example.com
$ xhttp chain example.com
$ xhttp cache example.com
# Simulate CORS
$ xhttp simulate api.example.com --origin https://app.example.com
# Decode a browser error
$ xhttp error "No Access-Control-Allow-Origin header..."
# JSON output
$ xhttp example.com --json | jq
$ xhttp example.com
# Sub-commands
$ xhttp cors example.com
$ xhttp headers example.com
$ xhttp csp example.com
$ xhttp chain example.com
$ xhttp cache example.com
# Simulate CORS
$ xhttp simulate api.example.com --origin https://app.example.com
# Decode a browser error
$ xhttp error "No Access-Control-Allow-Origin header..."
# JSON output
$ xhttp example.com --json | jq
Or just use curl
$ curl -s xhttp.lol/example.com | jq
$ curl -s xhttp.lol/example.com/cors | jq
$ curl -s xhttp.lol/example.com/cors | jq