Email Header Analyzer
Email Header Analyzer parses raw email headers so you can see the full journey a message took from sender to inbox. Paste the headers and it traces every server hop, flags the delays between them, and reads the SPF, DKIM, and DMARC results.
It is built for anyone who needs to look past the visible message: IT and support teams troubleshooting delivery, security-minded users checking a suspicious email for spoofing or phishing, and developers verifying that authentication is set up correctly. No account, no install, nothing to configure.
How to Use
Copy the raw headers
Open the message in your email client and copy its raw headers. The path differs per provider — for example, in Gmail open the message, click the More (⋮) menu, choose "Show original", then copy. Expand How to Get Email Headers in the tool for step-by-step instructions for Gmail, Outlook (desktop and web), Yahoo Mail, Apple Mail, and Thunderbird.
Paste and analyze
Paste the headers into the text area and click Analyze Headers or press Ctrl+Enter. You can paste the entire message source too — the parser stops at the first blank line, so only the header section is read.
Review the results
Results appear in collapsible sections: a summary of hop count, total delay, and authentication status; the Key Headers; Authentication Results; the Delivery Route timeline; and All Headers. Click any section header to expand or collapse it. No sample to hand? Click Sample to load example headers.
Features
Raw Header Parsing
Splits raw headers into clean name and value pairs, joining folded multi-line values automatically.
Delivery Route Timeline
Reads every Received header to plot each server hop in chronological order, with the sending and receiving server, protocol, and timestamp.
Delay Detection
Calculates the gap between hops and color-codes it: fast under 5 seconds, medium 5 to 30 seconds, and slow over 30 seconds.
SPF, DKIM & DMARC Checks
Reads the Authentication-Results header (with Received-SPF and DKIM-Signature fallbacks) and shows each result as a pass, fail, or neutral badge.
Summary Stats
A quick overview at the top shows the total hop count, the combined delivery delay, and an overall PASS or FAIL authentication status.
Key Header Summary
Pulls the headers that matter most — From, To, Cc, Subject, Date, Message-ID, Reply-To, Return-Path, X-Mailer, User-Agent, and Content-Type.
Complete Header Table
Lists every parsed header in a structured table with names and values clearly separated for easy inspection.
Built-in Header Guide
A collapsible guide explains how to copy raw headers from Gmail, Outlook desktop and web, Yahoo Mail, Apple Mail, and Thunderbird.
Sample Headers
Load a realistic example with one click to see how the route, delays, and authentication results are presented.
Collapsible Sections & Shortcut
Expand or collapse each result section to focus, and press Ctrl+Enter to analyze without reaching for the button.
Frequently Asked Questions
What are email headers and how do I read one?
Email headers are metadata attached to every message: who sent it, who it is for, the subject and date, and the path it traveled through mail servers. They are normally hidden, but you can view them through your email client's settings, then paste them here to have each field parsed and explained.
How do I analyze an email header for phishing or spoofing?
Check the Authentication Results first — a failing SPF, DKIM, or DMARC is a strong spoofing signal. Then look at the Delivery Route for servers that do not match the claimed sender domain, and compare the From, Reply-To, and Return-Path in Key Headers. Mismatches between these are a common sign of a forged or phishing email.
What do the SPF, DKIM, and DMARC results mean?
SPF checks that the sending server is authorized to send for the domain. DKIM uses a cryptographic signature to confirm the message was not altered in transit. DMARC ties SPF and DKIM together and tells receivers what to do when checks fail. When all three pass, the message is very likely legitimate.
What is a "hop" and why is there a delay between hops?
Each hop is one mail server that handled the message; every handoff adds a new Received header. The analyzer reads these in order and measures the gap between their timestamps. Small delays (under 5 seconds) are normal — caused by server processing, spam filtering, DNS lookups, greylisting, or network load. Delays over 30 seconds are flagged red and may be worth investigating.
Where do I find the full header in Gmail or Outlook?
In Gmail, open the message, click the More (⋮) menu, choose "Show original", and copy. In Outlook desktop, open the message and go to File → Properties → "Internet headers"; in Outlook on the web, use the More actions (⋯) menu → "View message source". The built-in How to Get Email Headers guide also covers Yahoo Mail, Apple Mail, and Thunderbird.
Can I paste the entire email source including the body?
Yes. The parser stops at the first blank line, which separates headers from the body per email standards, so only the header portion is analyzed — the message body is ignored.
Is this email header analyzer private?
Yes. All analysis runs entirely in your browser with JavaScript. No header data is uploaded to any server, and nothing is stored or logged. You can verify this yourself by watching your browser's network tab during analysis.
No comments yet. Be the first to comment!