Scan any website's HTTP response headers and get a security grade from A+ to F. Checks for HSTS, Content Security Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and more — with specific recommendations for each missing header.
Auditing your production site before a security review, comparing your headers against industry best practices, verifying that a CDN or reverse proxy isn't stripping security headers, or benchmarking competitor security posture.
Analyze a website's HTTP security headers and get a grade from A+ to F. Check for HSTS, CSP, X-Frame-Options, and more.