Check HTTP security headers for any domain.
HTTP security headers are instructions a web server sends with every response to tell browsers how to behave. They form a critical defense layer against common attacks without requiring changes to your application code.
Key headers and what they prevent:
This tool sends a request to the target domain and evaluates each header, scoring your configuration from A (best) to F (critical gaps).
Key security headers include Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy.
The score is based on which recommended headers are present and properly configured. Each missing or misconfigured header reduces your grade.
No. The scan runs in real-time and no results are saved to any server or database.