Security Headers Check
Check your HTTP security headers including HSTS, CSP, X-Frame-Options, and more.
What are security headers?
HTTP security headers are directives sent by your web server that instruct browsers how to behave when handling your site's content. They protect against common attacks like cross-site scripting (XSS), clickjacking, MIME-type sniffing, and man-in-the-middle attacks.
Key headers include HSTS (force HTTPS), Content-Security-Policy (control resource loading), X-Frame-Options (prevent clickjacking), and Permissions-Policy (restrict browser features). Missing or misconfigured headers leave your users vulnerable to attacks that are otherwise easy to prevent.
Full assessment
These are just your headers. Get a full security assessment.
Email security, TLS, headers, DNS, web application, breach exposure, and subdomains. 40+ checks. Free.
Run a full scan →