Language
English English Vietnamese (Tiếng Việt) Vietnamese (Tiếng Việt) Chinese (简体中文) Chinese (简体中文) Portuguese (Brazil) (Português do Brasil) Portuguese (Brazil) (Português do Brasil) Spanish (Español) Spanish (Español) Indonesian (Bahasa Indonesia) Indonesian (Bahasa Indonesia)
Email Header Analyzer

Email Header Analyzer

Analyze raw email headers to trace the delivery route, detect delays between servers, and check SPF, DKIM, and DMARC authentication results.

Email Header Analyzer

Email Header Analyzer parses raw email headers so you can see the full journey a message took from sender to inbox. Paste the headers and it traces every server hop, flags the delays between them, and reads the SPF, DKIM, and DMARC results.

It is built for anyone who needs to look past the visible message: IT and support teams troubleshooting delivery, security-minded users checking a suspicious email for spoofing or phishing, and developers verifying that authentication is set up correctly. No account, no install, nothing to configure.

Private by design: every header is parsed in your browser with JavaScript. Nothing is uploaded, stored, or logged — you can confirm it in your browser's network tab while you analyze.

How to Use

1

Copy the raw headers

Open the message in your email client and copy its raw headers. The path differs per provider — for example, in Gmail open the message, click the More (⋮) menu, choose "Show original", then copy. Expand How to Get Email Headers in the tool for step-by-step instructions for Gmail, Outlook (desktop and web), Yahoo Mail, Apple Mail, and Thunderbird.

2

Paste and analyze

Paste the headers into the text area and click Analyze Headers or press Ctrl+Enter. You can paste the entire message source too — the parser stops at the first blank line, so only the header section is read.

3

Review the results

Results appear in collapsible sections: a summary of hop count, total delay, and authentication status; the Key Headers; Authentication Results; the Delivery Route timeline; and All Headers. Click any section header to expand or collapse it. No sample to hand? Click Sample to load example headers.

Features

Raw Header Parsing

Splits raw headers into clean name and value pairs, joining folded multi-line values automatically.

Delivery Route Timeline

Reads every Received header to plot each server hop in chronological order, with the sending and receiving server, protocol, and timestamp.

Delay Detection

Calculates the gap between hops and color-codes it: fast under 5 seconds, medium 5 to 30 seconds, and slow over 30 seconds.

SPF, DKIM & DMARC Checks

Reads the Authentication-Results header (with Received-SPF and DKIM-Signature fallbacks) and shows each result as a pass, fail, or neutral badge.

Summary Stats

A quick overview at the top shows the total hop count, the combined delivery delay, and an overall PASS or FAIL authentication status.

Key Header Summary

Pulls the headers that matter most — From, To, Cc, Subject, Date, Message-ID, Reply-To, Return-Path, X-Mailer, User-Agent, and Content-Type.

Complete Header Table

Lists every parsed header in a structured table with names and values clearly separated for easy inspection.

Built-in Header Guide

A collapsible guide explains how to copy raw headers from Gmail, Outlook desktop and web, Yahoo Mail, Apple Mail, and Thunderbird.

Sample Headers

Load a realistic example with one click to see how the route, delays, and authentication results are presented.

Collapsible Sections & Shortcut

Expand or collapse each result section to focus, and press Ctrl+Enter to analyze without reaching for the button.

Frequently Asked Questions

What are email headers and how do I read one?

Email headers are metadata attached to every message: who sent it, who it is for, the subject and date, and the path it traveled through mail servers. They are normally hidden, but you can view them through your email client's settings, then paste them here to have each field parsed and explained.

How do I analyze an email header for phishing or spoofing?

Check the Authentication Results first — a failing SPF, DKIM, or DMARC is a strong spoofing signal. Then look at the Delivery Route for servers that do not match the claimed sender domain, and compare the From, Reply-To, and Return-Path in Key Headers. Mismatches between these are a common sign of a forged or phishing email.

What do the SPF, DKIM, and DMARC results mean?

SPF checks that the sending server is authorized to send for the domain. DKIM uses a cryptographic signature to confirm the message was not altered in transit. DMARC ties SPF and DKIM together and tells receivers what to do when checks fail. When all three pass, the message is very likely legitimate.

What is a "hop" and why is there a delay between hops?

Each hop is one mail server that handled the message; every handoff adds a new Received header. The analyzer reads these in order and measures the gap between their timestamps. Small delays (under 5 seconds) are normal — caused by server processing, spam filtering, DNS lookups, greylisting, or network load. Delays over 30 seconds are flagged red and may be worth investigating.

Where do I find the full header in Gmail or Outlook?

In Gmail, open the message, click the More (⋮) menu, choose "Show original", and copy. In Outlook desktop, open the message and go to File → Properties → "Internet headers"; in Outlook on the web, use the More actions (⋯) menu → "View message source". The built-in How to Get Email Headers guide also covers Yahoo Mail, Apple Mail, and Thunderbird.

Can I paste the entire email source including the body?

Yes. The parser stops at the first blank line, which separates headers from the body per email standards, so only the header portion is analyzed — the message body is ignored.

Is this email header analyzer private?

Yes. All analysis runs entirely in your browser with JavaScript. No header data is uploaded to any server, and nothing is stored or logged. You can verify this yourself by watching your browser's network tab during analysis.

Paste Email Headers
Paste your raw email headers and click Analyze Headers or press Ctrl+Enter
Click Sample to load example headers and see how the tool works
Check the Delivery Route section to find which server caused delays
Red delay badges mark hops taking more than 30 seconds
Expand How to Get Email Headers for step-by-step instructions per email client
Compare From, Reply-To, and Return-Path in Key Headers to spot spoofing
All analysis runs locally in your browser — no data is sent to any server
Want to learn more? Read documentation →
1/8
Start typing to search...
Searching...
No results found
Try searching with different keywords