Security Headers Free Analysis

Get a free analysis of your website's security headers. Get an A-F grade by checking HSTS, CSP, X-Frame-Options, and more.

Security headers are HTTP response headers that your web server sends to the visitor's browser to protect your site from various types of attacks. This free tool requests the URL you enter and checks the response for six critical security headers; it lists the presence, value, and a short recommendation for each, then gives an overall security rating from A+ to F.

The headers analyzed are as follows: Strict-Transport-Security (HSTS) makes the site accessible only via HTTPS; Content-Security-Policy (CSP) helps prevent XSS attacks by defining which resources can be loaded; X-Frame-Options protects against clickjacking by preventing your site from being displayed in other sites' iframes; X-Content-Type-Options disables MIME type sniffing; Referrer-Policy controls which visitor referrer information is shared with third parties; Permissions-Policy restricts access to browser features such as camera, microphone, and location.

Adding these headers makes your site much more resilient against common web security vulnerabilities such as XSS, clickjacking, MIME sniffing, data leakage, and unauthorized browser API access. The results are queried in real time through our server; local and private network addresses are blocked for security reasons.

How to use it?

Step by step

  1. Enter the address of the site you want to check in this format: https://example.com
  2. Click the Analyze button; our server will send a request to your site.
  3. For each security header, a present (green) or missing (red) status and a brief suggestion are displayed.
  4. The overall security grade (from A+ to F) is displayed at the top of the page; you can improve your grade by adding the missing headers to your server configuration.
  5. You can copy the value of an existing header to your clipboard using the copy button.

FAQ

Frequently Asked Questions

Security headers tell the browser how to handle your site. When properly configured, they create an effective defense layer against common attacks such as XSS (cross-site scripting), clickjacking, MIME sniffing, referrer information leakage, and unauthorized browser feature access.

This tool checks 6 critical headers: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. If all are present and the response is successful, an A+ grade is awarded.

On Apache servers, you can add Header set directives with mod_headers in .htaccess or in the httpd.conf file. In Nginx, the add_header directive is used. For WordPress, security plugins or an .htaccess edit are sufficient.

Content-Security-Policy defines from which domains and sources scripts, styles, images, etc. can be loaded. Incorrect configuration can break the site; therefore, it is recommended to first test in reporting mode with the Content-Security-Policy-Report-Only header.
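To check the same six headers against your own server's responses, the following is an added example, not this tool's code. The function name, the status labels, and the value checks are assumptions, and it does not reproduce the tool's A+ to F grading.

```python
import re

# The six headers this page lists, lower-cased for case-insensitive lookup.
SIX_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
)

def _hsts_enabled(value):
    # max-age=0 tells the browser to forget the HSTS policy, so treat it as weak.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# Value checks for headers whose valid values form a small fixed set.
VALUE_CHECKS = {
    "strict-transport-security": _hsts_enabled,
    "x-frame-options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
}

def audit_headers(headers):
    """Map each of the six headers to 'ok', 'weak', 'report-only' or 'missing'."""
    seen = {name.lower(): value for name, value in headers.items()}
    report = {}
    for name in SIX_HEADERS:
        value = seen.get(name)
        if value is None:
            # A Report-Only CSP only reports violations; it blocks nothing.
            is_csp = name == "content-security-policy"
            report_only = (name + "-report-only") in seen
            report[name] = "report-only" if is_csp and report_only else "missing"
        elif name in VALUE_CHECKS and not VALUE_CHECKS[name](value):
            report[name] = "weak"
        else:
            report[name] = "ok"
    return report

# Constructed sample response headers (not taken from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=0",
    "Content-Security-Policy-Report-Only": "default-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
```

A header that is present but carries a value such as `max-age=0` is reported as weak rather than ok, which a presence-only check would miss.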

Some servers may block bot requests, respond very slowly and time out, or use invalid SSL certificates. Also, for security reasons, queries cannot be made to local network and private IP addresses (localhost, 192.168.x, etc.).