Security Headers Scanner
Check CSP, HSTS, X-Frame-Options and get a grade. Instant. No sign-up.
See how your website scores on HTTP security headers. Get a grade (A to F) and a list of which headers are present or missing. We don't store your URL or results.
Scan your website
Enter your site's domain or full URL below. Results are instant and we don't store your URL or scan results.
Why check your site's security headers?
HTTP security headers tell browsers how to protect your visitors: they can block clickjacking, enforce HTTPS, reduce XSS risk, and control which features your site can use. Missing or weak headers leave your site and users more exposed. Checking them regularly helps you stay ahead of common vulnerabilities and compliance requirements.
Use this scanner to see your current grade, then add or fix headers in your server or CDN config (e.g. Nginx, Apache, Cloudflare, Vercel) to improve your score.
FAQ
Which headers are checked?
Content-Security-Policy, Strict-Transport-Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
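To check the same six headers offline against a captured response (for example while testing a config change before deploying it), here is an added example that is not this scanner's own code. The "weak value" rules, the 180-day HSTS threshold, the A to F scale and the names grade_headers and SAMPLE are assumptions made for illustration.

```python
import re

# The six headers this page says are checked (lowercased for comparison).
CHECKED = ("content-security-policy", "strict-transport-security", "x-frame-options",
           "x-content-type-options", "referrer-policy", "permissions-policy")

def _weak(name, value):
    """Return a reason string if the value is weak, else None (assumed, coarse rules)."""
    v = value.strip().lower()
    if name == "strict-transport-security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if not m or int(m.group(1)) < 15552000:  # assumed floor: 180 days
            return "max-age missing or under 180 days"
    # Coarse: does not account for nonce/hash sources that make browsers ignore 'unsafe-inline'.
    if name == "content-security-policy" and ("'unsafe-inline'" in v or "'unsafe-eval'" in v):
        return "allows 'unsafe-inline' or 'unsafe-eval'"
    if name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "value is not DENY or SAMEORIGIN"
    if name == "x-content-type-options" and v != "nosniff":
        return "value is not nosniff"
    # Browsers use the last policy they understand in a comma-separated list.
    if name == "referrer-policy" and v.split(",")[-1].strip() in (
            "", "unsafe-url", "no-referrer-when-downgrade"):
        return "sends the full URL to other origins"
    return None

def grade_headers(headers):
    """headers: mapping of response header name -> value; names are case-insensitive."""
    seen = {k.lower(): v for k, v in headers.items()}
    report = {}
    for name in CHECKED:
        if name not in seen:
            report[name] = "missing"
        else:
            reason = _weak(name, seen[name])
            report[name] = f"weak: {reason}" if reason else "ok"
    good = sum(1 for status in report.values() if status == "ok")
    # Assumed scale: one letter lost per header that is missing or weak.
    return "ABCDEF"[min(5, len(CHECKED) - good)], report

# Constructed sample response headers, not taken from a real site.
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    print(grade_headers(SAMPLE))
```

A header that is present but misconfigured, such as the five-minute HSTS max-age in the sample, is counted the same as a missing one, so presence alone does not raise the grade.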
Do you store the URL I scan?
No. The scan runs once and we do not log or store the URL or results.
Why does the scan fail?
The site may be down, block our scanner, or use a non-standard port. Try the bare domain (e.g. example.com) without a path. Localhost is not allowed.