HTTP Security Headers Check
Check any website for missing security headers — CSP, X-Frame-Options, HSTS, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Missing headers are low-hanging fruit for attackers.
Enter a URL
We’ll check for critical security headers and grade each one as present, missing, or misconfigured.
Results will appear here after you run a check.
What This Tool Checks
Content-Security-Policy
Controls which resources the browser can load. Missing CSP headers leave sites open to XSS and data injection attacks.
X-Frame-Options & HSTS
X-Frame-Options prevents clickjacking. HSTS forces HTTPS connections, blocking SSL-stripping attacks.
X-Content-Type-Options
Prevents MIME-type sniffing that can trick browsers into executing malicious content as scripts.
Referrer & Permissions Policy
Referrer-Policy controls info leakage. Permissions-Policy restricts access to browser features like camera, mic, and geolocation.
This tool scratches the surface. The full platform goes deeper.
Continuous web application scanning, automated header monitoring, and compliance-mapped remediation guidance — all white-labeled under your MSP brand.