Security Headers Checker

Audit any website's HTTP security headers. Get per-header grades and actionable fix recommendations. Free alternative to securityheaders.com.

Enter any public URL. We fetch the headers server-side. No data is stored.

What Are Security Headers?

HTTP security headers are response headers that tell the browser how to behave when handling your website's content. They protect against attacks like cross-site scripting (XSS), clickjacking, man-in-the-middle attacks, and content injection.

Content-Security-Policy

Prevents XSS by controlling which resources can be loaded.

Strict-Transport-Security

Forces HTTPS connections, preventing downgrade attacks.

X-Frame-Options

Prevents clickjacking by controlling iframe embedding.

X-Content-Type-Options

Prevents MIME-sniffing attacks.

Referrer-Policy

Controls how much referrer info is sent with requests.

Permissions-Policy

Controls access to browser features like camera and location.

Security Headers Checker — Free HTTP Security Headers Audit | Glasswing