Analyze HTTP response headers and security posture.
HTTP headers are metadata exchanged between browsers and servers on every request. They control security, caching, content handling, and SEO — all invisible to visitors but critical to how a website functions.
Key security headers include Content-Security-Policy (prevents XSS attacks), Strict-Transport-Security (forces HTTPS), X-Frame-Options (blocks clickjacking), and X-Content-Type-Options (stops MIME sniffing). Missing any of these can leave a site vulnerable.
Performance headers like Cache-Control and ETag determine how long browsers cache resources, directly affecting load times. This tool fetches all response headers for any URL and scores the security configuration.
Start with Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy. These protect against XSS, clickjacking, and protocol downgrade attacks.
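As an added illustration (not this tool's own code), the sketch below audits a response's headers for the five listed above and checks that each value is actually protective, not just present. The ok/weak/missing grades, the 180-day HSTS floor, the point weights, and the sample response are assumptions made for this example.

```python
import re

def _hsts(v):
    # Weak if max-age is absent or below the assumed floor of 180 days.
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    return bool(m) and int(m.group(1)) >= 15552000

def _csp(v):
    # Parse directives; the first occurrence of a directive wins.
    directives = {}
    for part in v.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    src = directives.get("script-src", directives.get("default-src"))
    if src is None:
        return False  # no directive restricts script sources
    # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
    pinned = any(t.startswith(("'nonce-", "'sha")) for t in src)
    return "*" not in src and ("'unsafe-inline'" not in src or pinned)

CHECKS = {
    "content-security-policy": _csp,
    "strict-transport-security": _hsts,
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    # Approximation: with a comma-separated fallback list, judge the last value.
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower() not in ("", "unsafe-url"),
}

def audit(headers):
    """Return {header: 'ok' | 'weak' | 'missing'}; header names are case-insensitive."""
    seen = {k.lower(): v for k, v in headers.items()}
    return {name: ("missing" if name not in seen else "ok" if ok(seen[name]) else "weak")
            for name, ok in CHECKS.items()}

def score(report):
    # Assumed weighting: ok = 2 points, weak = 1, missing = 0, scaled to 0-100.
    pts = {"ok": 2, "weak": 1, "missing": 0}
    return sum(pts[s] for s in report.values()) * 100 // (2 * len(report))

# Constructed sample response headers, not captured from a real site.
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "Cache-Control": "max-age=600",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report, score(report))
```

A header that is present but weak (a one-hour HSTS max-age, a CSP that allows inline script) is reported separately from a missing one, which a presence-only check would not distinguish.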
Header Inspector shows all response headers and a security score. The Security Headers Analyzer focuses on grading security header configuration with detailed recommendations.
No. Requests run in real time and results are not saved on our servers.