Backend utilities. Ready to call.

Small, focused APIs for URL checks, DNS lookups, and redirect tracing - things you shouldn't have to build yourself.

GET /api/url-resolve?url=http://example.com

Returns the full redirect chain - not just the final status.

No auth. No setup. Just send a request.

Why this exists

You need to follow redirects - but don't want to write follow-redirect logic and handle edge cases.
You need DNS records - but don't want to shell out to dig or wire up a resolver library.
You need reachability checks - but don't want to handle timeouts, TLS errors, and private IP blocking yourself.
TinyUtils handles the edge cases. Call an endpoint, get JSON back.

Endpoints

Check URL reachability

Returns status code, final URL after redirects, and response time.

Useful for health checks, link validation, and uptime monitoring.

GET /api/url-check

Try

Look up DNS records

Returns A, AAAA, CNAME, MX, TXT, and NS records for any hostname.

Useful for debugging email delivery, CDN configs, and DNS propagation.

GET /api/dns-lookup

Try

Trace redirect chains

Shows every redirect hop and the final destination URL.

Useful for debugging tracking links, scrapers, and link validation.

GET /api/url-resolve

Try

Extract Open Graph metadata

Returns title, description, canonical URL, Open Graph tags, and Twitter card tags.

Useful for SEO audits, social preview checks, and metadata extraction pipelines.

GET /api/open-graph

Try

Inspect HTTP headers

Returns all response headers for a URL, including the final URL after redirects.

Useful for debugging caching, content-type, CORS, and CDN behaviour.

GET /api/http-headers

Try

Inspect TLS certificates

Returns certificate subject, issuer, expiry dates, days remaining, and SANs.

Useful for monitoring certificate expiry, validating SANs, and debugging TLS issues.

GET /api/ssl-check

Try

Parse robots.txt

Returns crawler rules, sitemap references, and user-agent groups as clean JSON.

Useful for inspecting crawl rules, finding sitemaps, and validating robots.txt in CI.

GET /api/robots-parse

Try

Inspect sitemaps

Fetches sitemap XML and returns sitemap index entries or URL entries as structured JSON.

Useful for validating sitemap output, extracting URL lists, and debugging sitemap hosting.

GET /api/sitemap-inspect

Try

IP Lookup

Resolve a domain or IP and return IP and network details including ASN, country, provider, and reverse DNS.

Useful for finding the IP behind a domain, inspecting network ownership, and debugging DNS vs IP routing.

GET /api/ip-lookup

Try

Security Headers

Check common HTTP security headers for any URL. Returns a per-header analysis and a score out of six.

Useful for auditing missing security headers, validating posture after deployments, and CI checks.

GET /api/security-headers

Try

Try it instantly

No signup. No API key. Results in under a second.

GET /api/url-check

Enter a URL

{
  "reachable": true,
  "status": 200,
  "final_url": "https://vercel.com/",
  "response_time_ms": 123,
  "error": null
}

No authentication required. Free to use, rate-limited per IP.

Simple by design

No authentication required - just call the endpoint.
Plain JSON responses with clear field names.
Documented error codes so you can handle failures cleanly.
Free usage is rate-limited per IP.

Docs

Full reference for every endpoint - parameters, responses, and error codes.

GET /api/url-check

Check if a URL is reachable, follow redirects, and measure response time. Returns reachability even for 4xx/5xx responses - only network failures count as unreachable.

Query Parameters

urlrequiredThe URL to check. Scheme may be http or https; if omitted, https is assumed.

Example Request

curl "https://tinyutils.dev/api/url-check?url=https://vercel.com"

Example Response

{
  "reachable": true,
  "status": 200,
  "final_url": "https://vercel.com/",
  "response_time_ms": 312,
  "error": null
}

Batch Endpoint

POST /api/url-check/batch - check up to 10 URLs in a single request.

curl -X POST "https://tinyutils.dev/api/url-check/batch" \
  -H "Content-Type: application/json" \
  -d '{"urls":["https://example.com","https://openai.com"]}'

Error codes

INVALID_URLThe URL is malformed or uses an unsupported protocol.

BLOCKED_HOSTThe target resolves to a private or reserved address.

RATE_LIMITEDYou have exceeded the daily request limit.

TIMEOUTThe request exceeded the 2.5s timeout.

TLS_ERRORTLS certificate validation failed (expired, untrusted, or invalid certificate).

NETWORK_ERRORCould not reach the host (DNS failure, connection refused, etc.).

UNKNOWN_ERRORAn unexpected error occurred.

GET /api/dns-lookup

Resolve DNS records for a hostname. Returns A, AAAA, CNAME, MX, TXT, and NS records. Optionally filter to a single record type. Results are cached for 60 seconds. Rate-limited via the same global pool as url-check.

Query Parameters

domainrequiredThe domain to resolve (e.g. example.com).

hostnameoptionalDeprecated alias for 'domain'; still accepted for backwards compatibility. Prefer 'domain'.

typeoptionalFilter to a specific record type: A, AAAA, CNAME, MX, TXT, NS. Omit to return all.

Example Requests

# All record types
curl "https://tinyutils.dev/api/dns-lookup?domain=example.com"

# Single record type
curl "https://tinyutils.dev/api/dns-lookup?domain=example.com&type=MX"

Example Response (all types)

{
  "ok": true,
  "hostname": "example.com",
  "normalizedHostname": "example.com",
  "records": {
    "A": ["93.184.216.34"],
    "AAAA": ["2606:2800:21f:cb07:6820:80da:af6b:8b2c"],
    "CNAME": [],
    "MX": [],
    "TXT": ["v=spf1 -all"],
    "NS": ["a.iana-servers.net", "b.iana-servers.net"]
  },
  "meta": {
    "lookupTimeMs": 42,
    "cached": false,
    "rateLimitedScope": "global"
  }
}

Example Response (type filter)

{
  "ok": true,
  "hostname": "example.com",
  "normalizedHostname": "example.com",
  "type": "MX",
  "records": {
    "MX": [{ "exchange": "mail.example.com", "priority": 10 }]
  },
  "meta": {
    "lookupTimeMs": 18,
    "cached": false,
    "rateLimitedScope": "global"
  }
}

Batch Endpoint

POST /api/dns-lookup/batch - look up to 10 domains in a single request.

curl -X POST "https://tinyutils.dev/api/dns-lookup/batch" \
  -H "Content-Type: application/json" \
  -d '{"domains":["example.com","openai.com"]}'

Error codes

INVALID_HOSTNAMEThe hostname is missing, malformed, or is an IP address.

UNSUPPORTED_RECORD_TYPEThe requested record type is not supported.

BLOCKED_HOSTNAMEThe hostname is a private, reserved, or internal address.

DNS_NOT_FOUNDNo DNS records were found for the given hostname and type.

DNS_LOOKUP_FAILEDThe DNS resolution failed unexpectedly.

RATE_LIMITEDYou have exceeded the daily request limit.

INTERNAL_ERRORAn unexpected server error occurred.

GET /api/url-resolve

Trace the full redirect chain of a URL. Returns every hop in order, the final resolved URL, the number of redirects followed, and any error that stopped resolution. Successful resolutions, redirect loops, and missing-location errors are cached for 60 seconds; transient failures (timeouts, request errors) and blocked-host results are not cached. Rate-limited via the same global pool as url-check and dns-lookup.

Query Parameters

urlrequiredThe URL to resolve. Scheme may be http or https; if omitted, https is assumed.

Example Request

curl "https://tinyutils.dev/api/url-resolve?url=http://example.com"

Example Response

{
  "input_url": "http://example.com",
  "final_url": "https://www.example.com/",
  "redirect_count": 2,
  "redirect_chain": [
    { "url": "http://example.com", "status": 301 },
    { "url": "https://example.com", "status": 301 },
    { "url": "https://www.example.com/", "status": 200 }
  ],
  "error": null
}

Batch Endpoint

POST /api/url-resolve/batch - resolve up to 10 URLs in a single request.

curl -X POST "https://tinyutils.dev/api/url-resolve/batch" \
  -H "Content-Type: application/json" \
  -d '{"urls":["http://example.com","http://openai.com"]}'

Error codes

invalid_urlThe URL is missing, malformed, or empty.

unsupported_protocolThe URL uses a protocol other than http or https.

blocked_hostThe target resolves to a private, reserved, or internal address, or the safety check could not be completed (for example, due to DNS timeout).

redirect_loopA redirect loop was detected.

too_many_redirectsThe redirect chain exceeded the 10-hop limit.

missing_locationA redirect response was missing the Location header, or the Location value was invalid or unparseable.

timeoutA hop or the overall resolution exceeded the time budget.

request_failedA network error prevented a hop from completing.

rate_limitedYou have exceeded the daily request limit.

internal_errorAn unexpected server error occurred.

GET /api/http-headers

Inspect HTTP response headers for any URL. Follows redirects and returns the final URL, HTTP status code, and all response headers as a flat key/value map. Results are cached for 60 seconds. Rate-limited via the same global pool as url-check, dns-lookup, and url-resolve.

Query Parameters

urlrequiredThe URL to inspect. Scheme may be http or https; if omitted, https is assumed.

Example Request

curl "https://tinyutils.dev/api/http-headers?url=https://example.com"

Example Response

{
  "ok": true,
  "input_url": "https://example.com",
  "final_url": "https://www.example.com/",
  "status": 200,
  "headers": {
    "content-type": "text/html; charset=UTF-8",
    "cache-control": "max-age=604800",
    "server": "ECAcc (dcb/7F84)"
  },
  "headers_truncated": false,
  "meta": {
    "responseTimeMs": 123,
    "cached": false,
    "rateLimitedScope": "global"
  },
  "error": null
}

Error codes

INVALID_URLThe URL is missing, malformed, or uses an unsupported scheme.

BLOCKED_HOSTThe target resolves to a private, reserved, or internal address.

TIMEOUTThe request exceeded the 2.5s timeout.

NETWORK_ERRORA network error prevented the request from completing.

REDIRECT_LOOPRedirects formed a loop and the final URL could not be resolved.

MISSING_LOCATIONA redirect response was missing or had an unparseable Location header.

TOO_MANY_REDIRECTSThe URL required more than 10 redirects to resolve.

RATE_LIMITEDYou have exceeded the daily request limit.

INTERNAL_ERRORAn unexpected server error occurred.

GET /api/ssl-check

Inspect the TLS certificate for any hostname. Opens a TLS connection to port 443 and returns certificate details including subject, issuer, validity dates, days remaining, and SANs. Results are cached for 60 seconds. Rate-limited via the same global pool as url-check, dns-lookup, url-resolve, and http-headers.

Query Parameters

hostnamerequiredThe hostname to inspect, e.g. example.com. Do not include a scheme or path.

Example Request

curl "https://tinyutils.dev/api/ssl-check?hostname=example.com"

Example Response

{
  "ok": true,
  "hostname": "example.com",
  "normalizedHostname": "example.com",
  "certificate": {
    "valid": true,
    "subject": "CN=example.com",
    "issuer": "DigiCert Inc",
    "valid_from": "2026-01-01T00:00:00.000Z",
    "valid_to": "2026-12-31T23:59:59.000Z",
    "days_remaining": 271,
    "sans": ["example.com", "www.example.com"]
  },
  "meta": {
    "lookupTimeMs": 84,
    "cached": false,
    "rateLimitedScope": "global"
  },
  "error": null
}

Error codes

INVALID_HOSTNAMEThe hostname is missing or malformed.

BLOCKED_HOSTNAMEThe hostname is private, reserved, or internal.

TLS_TIMEOUTThe TLS connection timed out.

TLS_HANDSHAKE_FAILEDThe TLS handshake failed.

CERT_NOT_PRESENTNo certificate could be read from the connection.

RATE_LIMITEDYou have exceeded the daily request limit.

INTERNAL_ERRORAn unexpected server error occurred.

GET /api/robots-parse

Fetch and parse robots.txt for any site. Accepts a full URL or domain, resolves robots.txt from the site origin, and returns crawler rules, sitemap references, and user-agent groups as clean JSON. Results are cached for 60 seconds. Rate-limited via the same global pool as url-check, dns-lookup, url-resolve, http-headers, and ssl-check.

Query Parameters

urlrequiredA site URL to inspect. If a path is provided, TinyUtils will fetch robots.txt from the site's origin.

Example Request

curl "https://tinyutils.dev/api/robots-parse?url=https://example.com"

Example Response

{
  "ok": true,
  "input_url": "https://example.com",
  "robots_url": "https://example.com/robots.txt",
  "found": true,
  "status": 200,
  "content_type": "text/plain",
  "sitemaps": ["https://example.com/sitemap.xml"],
  "groups": [
    {
      "user_agents": ["*"],
      "allow": ["/public/"],
      "disallow": ["/admin/"],
      "crawl_delay": null,
      "host": null
    }
  ],
  "meta": {
    "responseTimeMs": 74,
    "cached": false,
    "rateLimitedScope": "global"
  },
  "error": null
}

Error codes

INVALID_URLThe URL is missing or malformed.

BLOCKED_HOSTThe hostname is private, reserved, or internal.

TIMEOUTThe upstream request timed out.

NETWORK_ERRORThe upstream request failed.

RATE_LIMITEDYou have exceeded the daily request limit.

INTERNAL_ERRORAn unexpected server error occurred.

GET /api/sitemap-inspect

Fetch and inspect a sitemap or sitemap index. Accepts a full sitemap URL or a site URL (auto-resolved to /sitemap.xml), follows redirects safely, and returns parsed sitemap data as JSON. Successful results are cached for 60 seconds, and some deterministic errors may also be cached. Rate-limited via the same global pool as other public TinyUtils endpoints.

Query Parameters

urlrequiredA site URL or sitemap URL to inspect. Site URLs are normalized to /sitemap.xml.

Example Request

curl "https://tinyutils.dev/api/sitemap-inspect?url=https://example.com"

Example Response

{
  "ok": true,
  "input_url": "https://example.com",
  "sitemap_url": "https://example.com/sitemap.xml",
  "final_url": "https://example.com/sitemap.xml",
  "status": 200,
  "content_type": "application/xml",
  "format": "urlset",
  "sitemaps": [],
  "urls": [
    {
      "loc": "https://example.com/",
      "lastmod": "2026-01-05",
      "changefreq": "daily",
      "priority": "1.0"
    }
  ],
  "xml_truncated": false,
  "entries_truncated": false,
  "meta": {
    "responseTimeMs": 76,
    "cached": false,
    "rateLimitedScope": "global"
  },
  "error": null
}

Error codes

INVALID_URLThe URL is missing or malformed.

BLOCKED_HOSTThe hostname is private, reserved, or internal.

TIMEOUTThe upstream request timed out.

NETWORK_ERRORThe upstream request failed.

REDIRECT_LOOPA redirect loop was detected.

MISSING_LOCATIONA redirect response was missing a valid Location header.

TOO_MANY_REDIRECTSThe redirect chain exceeded 10 hops.

NON_XML_CONTENTThe fetched resource was not XML.

UNSUPPORTED_SITEMAP_FORMATThe XML response was not a sitemap index or urlset.

RATE_LIMITEDYou have exceeded the daily request limit.

INTERNAL_ERRORAn unexpected server error occurred.

GET /api/security-headers

Check common HTTP security headers for any URL. Follows redirects and returns a subset of security-relevant response headers plus a per-header analysis with a score out of six. Results are cached for 60 seconds. Rate-limited via the same global pool as other public TinyUtils endpoints.

Query Parameters

urlrequiredThe URL to check. Scheme may be http or https; if omitted, https is assumed.

Example Request

curl "https://tinyutils.dev/api/security-headers?url=https://example.com"

Example Response

{
  "ok": true,
  "input_url": "https://example.com",
  "final_url": "https://www.example.com/",
  "status": 200,
  "headers": {
    "strict-transport-security": "max-age=63072000",
    "x-frame-options": "SAMEORIGIN"
  },
  "analysis": {
    "strict_transport_security": { "present": true, "valid": true },
    "content_security_policy": { "present": false, "valid": false },
    "x_frame_options": { "present": true, "valid": true },
    "x_content_type_options": { "present": false, "valid": false },
    "referrer_policy": { "present": false, "valid": false },
    "permissions_policy": { "present": false, "valid": false }
  },
  "score": 2,
  "max_score": 6,
  "meta": {
    "responseTimeMs": 96,
    "cached": false,
    "rateLimitedScope": "global"
  },
  "error": null
}

Error codes

INVALID_URLThe URL is missing, malformed, or uses an unsupported scheme.

BLOCKED_HOSTThe target resolves to a private, reserved, or internal address.

TIMEOUTThe request exceeded the 2.5s timeout.

NETWORK_ERRORA network error prevented the request from completing.

TOO_MANY_REDIRECTSThe URL required more than 10 redirects to resolve.

REDIRECT_LOOPThe URL caused a redirect loop while resolving redirects.

MISSING_LOCATIONA redirect response was missing the required Location header.

RATE_LIMITEDYou have exceeded the daily request limit.

INTERNAL_ERRORAn unexpected server error occurred.