Security Headers Checker
Evaluate your website's HTTP security headers. Generate perfect configurations for CSP, HSTS, X-Content-Type-Options, and more to protect against XSS and clickjacking.
About the Tool
Security Headers Checker evaluates your website's HTTP response headers to ensure protection against XSS, clickjacking, and other vulnerabilities. It also suggests optimized configurations for maximum site security.
How to Use
- Enter the website URL you wish to audit
- Review the active security headers and identify missing items
- Examine the security grade and professional recommendations
- Apply the provided Nginx or Apache snippets to your server configuration
Features
- Deep audit of CSP, HSTS, X-Frame-Options (XFO), and more
- Security grading based on industry best practices
- Auto-generation of secure server configuration snippets
- Real-time header parsing
- Protection diagnostics for XSS and hijacking
- Simple result sharing and reporting
FAQ
What is the most critical header?
Content-Security-Policy (CSP) and HSTS are fundamental to modern web security.
Are headers enough?
They are a critical layer of defense-in-depth but should be complemented with secure coding and patching.