NonProd Network Toolkit

Checking protocol…

Requests

Tests whether QUIC (HTTP/3) is allowed by checking the browser's resource timing protocol for a live request.

Requests flow

Total requests

0

Success with QUIC

0

Success with HTTP

0

Failed requests

0

Requests: 0 / 0 (0%)

Sent QUIC HTTP Failed

Log (collapsed)

Log

Name

Type

DNS server

DNS queries are executed from the Worker using DNS-over-HTTPS.

Result

Raw JSON

Domain

Resolver

Checks DNSKEY/DS presence and DNSSEC validation flags via DoH.

Result

Raw JSON

Domain

DKIM selector(s) (optional, comma-separated)

Resolver

Aggregates SPF, DMARC, DKIM, and TLS-RPT TXT records into one report.

Result

Raw JSON

IP or hostname

Looks up ASN/ORG via a public IP-to-ASN database and resolves PTR via DNS-over-HTTPS.

Result

Raw JSON

IP or hostname

Checks common DNSBLs for the resolved IPv4 address (best effort).

Result

Raw JSON

URL

Fetches the Content-Security-Policy header and flags risky directives.

Result

Raw JSON

URL

Reviews Set-Cookie flags (Secure, HttpOnly, SameSite) from the target response.

Result

Raw JSON

SAML metadata XML

Parses IdP/SP metadata locally and extracts endpoints and signing certificates.

Result

CVE or CPE keyword

Searches a small built-in CVE/CPE mapping dataset (offline).

Result

Raw JSON

Search query (optional)

Date range

Earliest

Latest

Custom ranges are limited to the last 120 days.

Per page

Search is optional. Leave it blank to return all vulnerabilities within the selected date window. Results are paged.

Result

Raw JSON

IP or hostname

Fetches public geolocation info for the target IP.

Result

Raw JSON

IP list (one per line)

0 IPs

Looks up multiple IP addresses (max 250 per run) via the same geo provider.

Result

Country

Region

Show failed only

Raw JSON

URL

Checks common security headers and summarizes missing items.

Result

Raw JSON

Site URL

Sample URLs

Try /sitemap.xml when not listed

Fetches robots.txt and sitemap.xml, then validates sitemap <loc> entries.

Result

Raw JSON

Start URL

Max depth

Max pages

File types (comma-separated)

Req/sec

Respect robots.txt

Crawls same-origin pages and lists matching download links. External hosts are skipped.

Result

Raw JSON

User-Agent string

Parses browser, OS, and device hints locally.

Result

HTML snippet

Escape HTML entities or strip tags to view a safe text version.

Result

URL A

URL B

Method

Redirects

Compares response headers between two URLs.

Result

Raw JSON

URL A

URL B

Method

Redirects

Max body bytes

Fetches two responses and compares status, headers, and body snippets.

Result

Raw JSON

URL A

URL B

Compares Set-Cookie attributes between two URLs.

Result

Raw JSON

URL

Origin

Method

Request headers (comma-separated)

Sends an OPTIONS preflight from the Worker and summarizes the response CORS headers.

Result

Raw JSON

URL

Method

Timeout (ms)

Measures time to first byte and transfer size, plus compression hints.

Result

Raw JSON

URL

Reports cache-related response headers such as Vary and Cache-Control.

Result

Raw JSON

URL

Shows your protocol/TLS to this Worker and a best-effort target response summary.

Result

Raw JSON

URL

Max hops

Follows redirects (manual) and shows each hop.

Result

Raw JSON

Domain

Pulls recent certificate issuances (best effort) from a public CT feed.

Result

Raw JSON

Name

Type

Queries multiple public resolvers to show propagation differences.

Result

Raw JSON

CIDR (IPv4)

Max IPs

Resolver

Only show IPs with PTRs

Expands the CIDR and fetches PTR records for each IP (limited).

Result

Raw JSON

URL

Samples

Interval (ms)

Runs repeated HEAD probes from the edge and summarizes uptime and latency.

Result

Base domain

Queries certificate transparency (crt.sh) and deduplicates subdomains. Results are best-effort and may be rate-limited.

Result

Raw JSON

Domain

Max names

Resolver

Fetches Certificate Transparency subdomains, resolves DNS entries, and enriches IPs with geolocation (IPv4/IPv6).

Result

Raw JSON

Subdomain

Checks CNAME targets against known SaaS patterns and flags potential takeover indicators.

Result

Domain

Max results

Generates typo candidates using swaps, deletions, keyboard adjacency, and common homoglyph substitutions.

Result

Raw JSON

Domain or IPv4

WHOIS results are fetched via RDAP from a public endpoint.

Raw JSON

Domain

Summarizes registrar and lifecycle dates from RDAP (no external APIs beyond the existing WHOIS endpoint).

Result

Raw JSON

Raw message headers

Parses raw RFC 5322 headers locally in your browser. No data is sent to the Worker.

Result

Raw JSON

Domain

Timeout (ms)

DNS server

DKIM selector(s) (optional, comma-separated)

Resolve A/AAAA for MX hosts

Includes: MX, SPF, DMARC, DKIM selector discovery, MTA-STS, TLS-RPT, reverse DNS, SMTP port probe (HTTP-only), and DNSBL (best-effort, no API key).

Result

Raw JSON

Domain

Checks SPF and DMARC records and summarizes policy tags.

Result

Raw JSON

Domain

Resolver

Checks default._bimi TXT and validates SVG/logo URL reachability.

Result

Raw JSON

Microsoft Safe Links URL (or wrapped URL)

Decodes the url parameter (percent-decoded up to 3 times).

Result

decodedUrl

JSON

Row path (optional)

Collapse arrays to JSON

Flattens JSON into CSV columns locally. Use Row path to emit one row per array item.

Result

JSON

Formats JSON locally in your browser. No data is sent to the Worker.

Result

Markdown

Live preview runs in your browser. No data is sent to the Worker.

Quick links grouped by type

Microsoft

Zscaler

Versant Health

DNS & Email

Threat Intel

Web Tools

Cloudflare

Links open in a new tab.

Download size

Upload size

Jitter samples

Measures latency, jitter, download, and upload between your browser and this Worker.

Speed test

0.0

Mbps

Idle

Ready

Ping

-

Jitter

-

Download

-

Upload

-

Packet loss

-

RTT range

-

Latency/Jitter samples

Latency Jitter

Idle

Log

URL

Method

Redirects

Confirms HTTP(S) reachability from the Cloudflare edge with status, headers, redirects, and timing.

Result

Raw JSON

Hostname (public)

IP (optional)

Ignore mismatch

Always starts a fresh SSL Labs assessment, optionally pinned to a specific IP and mismatch setting, then polls until READY.

SSL Labs can only assess publicly reachable hosts and is rate-limited.

Hostname (public)

IP (optional)

Ignore mismatch

Uses SSL Labs to fetch the certificate chain (may take a minute for uncached hosts).

Result

Raw JSON

Hostname (public)

IP (optional)

Ignore mismatch

Simulates TLS handshakes for Modern Chrome/Firefox/Edge, iOS Safari, Android Chrome, IE11, and more using SSL Labs.

Result

Raw JSON

Hostname or public IPv4

Scan profile

Custom ports (comma-separated)

This is an HTTP(S) port probe from the Cloudflare edge (not a raw TCP SYN scan). Non-HTTP services may report as closed/unknown.

Result

Hostname

Size (bytes)

Count

Reports edge → target HTTP timing (not ICMP).

Result

Raw JSON

IPv4 address

CIDR

Client-side calculator. No data leaves your browser for this tab.

Result

Raw JSON

CIDR (IPv4)

Max IPs

Expands IPv4 CIDR ranges locally. Large ranges are truncated to the max.

Result

Raw JSON

Service name or port

Looks up common ports by service name, or service names by port.

Result

Raw JSON

Flags

{.}gglobal✓ Aaiignore case✓ ↵mmulti-line✓ ··sdot all✓ Ωuunicode✓ ⇥ysticky✓

Pattern

Test text

Runs locally with highlighted matches and group extraction.

Explanation

An explanation of your regex will be generated as you type.

Match Information

Result

Raw JSON

Quick Reference

Any digit\\d

Any non-digit\\D

Any word character\\w

Any non-word character\\W

Any whitespace\\s

Any non-whitespace\\S

Alternation|

Any character.

Any character (incl newline)[\\s\\S]

Hex escape\\xNN

Unicode escape\\uNNNN

Unicode codepoint\\u{NNNN}

Control character\\cX

Start of string^

End of string$

Word boundary\\b

Non-word boundary\\B

Zero or more*

One or more+

Zero or one?

Exactly n{n}

Between n and m{n,m}

n or more{n,}

Lazy quantifier*?

Lazy quantifier+?

Lazy quantifier??

(Capture group)( )

Non-capturing group(?: )

Named group(?<name> )

Backreference\\1

Named backreference\\k<name>

Positive lookahead(?= )

Negative lookahead(?! )

Positive lookbehind(?<= )

Negative lookbehind(?<! )

Character class[abc]

Range[a-z]

Negated class[^a-z]

Digit class[0-9]

Word class[A-Za-z0-9_]

Unicode property\\p{L}

Not Unicode property\\P{L}

Escape\\

Escape metacharacter\\.

Escape metacharacter\\+

Escape metacharacter\\*

Escape metacharacter\\?

Escape metacharacter\\|

Escape metacharacter\\(

Escape metacharacter\\)

Escape metacharacter\\[

Escape metacharacter\\]

Escape metacharacter\\{

Escape metacharacter\\}

Tab\\t

Newline\\n

Carriage return\\r

Form feed\\f

Vertical tab\\v

Null\\0

Globalg

Ignore casei

Multi-linem

Dot alls

Unicodeu

Stickyy

Replace backref$1

Named replace$<name>

Whole match$&

Prefix$`

Suffix$'

Client values from Cloudflare request context

Most important for QUIC is httpProtocol (look for h3).

Network Speed Test

Toolkits

Microsoft

Zscaler

Versant Health

DNS & Email

Threat Intel

Web Tools

Cloudflare