Where do I get the raw headers?

In Gmail: ⋮ menu on a message → "Show original". In Outlook: File → Properties → Internet headers. Most other clients have a "View source" or "Show original" option.

Why do hops sometimes show a negative delay?

Servers often disagree on clock by a few seconds, and some MTAs back-date their Received line. Tiny negatives are normal; large negatives (or a missing hop) can suggest a forged header.

Email Header Analyzer

Network

Unfolds RFC 5322 continuation lines, pulls out From/To/Subject/Date/Message-ID, parses every Received line (reversed to chronological order) and computes the wall-clock delay between adjacent hops, and extracts the spf/dkim/dmarc verdicts from Authentication-Results. Useful for diagnosing why a message landed in spam, spotting forged Received chains, or pinpointing which MTA introduced a delay.

—

Raw email headers

From"Alice Sender" <alice@example.com>
Touser@recipient.com
SubjectHello there
DateMon, 02 Jun 2026 09:15:38 +0000
Message-ID<abc123@example.com>

Authentication

SPFpassDKIMpassDMARCpass

Hops (oldest → newest)

#1
from sender-host.example.com → by mail.example.com
Mon, 02 Jun 2026 09:15:40 +0000 (UTC)
#2+2s
from mail.example.com → by mx.recipient.com
Mon, 02 Jun 2026 09:15:42 +0000 (UTC)

Everything is parsed locally — no headers leave your browser.

How to use

Paste the full raw headers (everything before the empty line that separates headers from the body).
Read the metadata block, the auth badges, and the hop list.

Frequently asked questions

Where do I get the raw headers?: In Gmail: ⋮ menu on a message → "Show original". In Outlook: File → Properties → Internet headers. Most other clients have a "View source" or "Show original" option.
Why do hops sometimes show a negative delay?: Servers often disagree on clock by a few seconds, and some MTAs back-date their Received line. Tiny negatives are normal; large negatives (or a missing hop) can suggest a forged header.

Related tools

URL Query Builder

Build URLs by combining a base address with editable key-value query parameters — each pair toggleable, properly percent-encoded.

Network00

IP Address Inspector

Type an IPv4 or IPv6 address and see its class, scope (private / public / loopback / link-local), decimal value, binary, reverse-DNS notation, and /32 CIDR.

Network00

Port Number Reference

Searchable cheat sheet for ~60 standard TCP / UDP port numbers — from 22 (SSH) and 80 (HTTP) to 6379 (Redis) and 27017 (MongoDB).

Network00

DNS Record Reference

Searchable cheat sheet for DNS record types — A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, CAA, DNSSEC, SVCB / HTTPS — with examples.

Network00

Subnet Calculator (IPv4 / CIDR)

Parse an IPv4 CIDR into network address, broadcast, netmask, wildcard, host range, and class. Shows binary breakdown and private/public status.

Network00

User Agent Parser

Parse a User-Agent string into browser, engine, OS, device, and CPU. Detects 20+ bots including GPTBot, ClaudeBot, PerplexityBot.

Network00