About HTTP Security Headers Checker Online
This tool fetches a URL and inspects the HTTP security headers it returns: Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy and more. The tool scores the response and explains which headers are missing or weak.
Security headers are a cheap and effective way to harden a website. They mitigate XSS, clickjacking, mixed-content issues, leaky referrers, and risky browser features being enabled by default.
Use it before launching a new site, as part of regular audits, or when bringing third-party scripts into production. A site that ships strong headers tends to look more trustworthy on tools like Mozilla Observatory and SecurityHeaders.com — both useful follow-ups.
How to use this tool
How to audit a site's HTTP security headers
Enter the page URL
Enter the https:// page address in the "Page URL" field. The scheme is added automatically if it is missing. URLs can be up to 2048 characters long.
How the probe works
Our server tries HEAD first, then falls back to GET if the origin replies 405/501. It follows redirects, drains the body, and analyses the response headers — your browser never makes this request.
Press Run
The result contains finalUrl (the URL after redirects), httpStatus, scorePercent (presentCount/totalChecks), and rows[], with one row per checked header giving its name, status, and the value if present.
Interpret the score
The score is a count of the expected security headers that are present (CSP, HSTS, X-Frame-Options, Referrer-Policy, etc.), not a full audit. A high score does not certify that the site is secure; review each row's value to confirm policy strength.
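The gap between a presence count and policy strength, as an added example (not the tool's own code): it computes scorePercent as presentCount/totalChecks over the six headers the page names and checks each value separately. The weakness rules, the 180-day HSTS floor, the "present"/"missing" labels, the `weak` field and the sample response are assumptions made for illustration.

```python
import re

# Headers named on the page; the tool's complete list is not given there.
CHECKED = ["Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options",
           "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy"]

def weakness(name, value):
    """Reason the value is weak, or None. Heuristics are assumptions, not the tool's."""
    v = value.strip().lower()
    if name == "Content-Security-Policy":
        if "'unsafe-inline'" in v or "'unsafe-eval'" in v:
            return "allows unsafe-inline or unsafe-eval"
    elif name == "Strict-Transport-Security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if not m or int(m.group(1)) < 15552000:  # assumed floor: 180 days
            return "max-age missing or under 180 days"
    elif name == "X-Frame-Options" and v not in ("deny", "sameorigin"):
        return "not DENY or SAMEORIGIN"
    elif name == "X-Content-Type-Options" and v != "nosniff":
        return "not nosniff"
    elif name == "Referrer-Policy" and v in ("unsafe-url", "no-referrer-when-downgrade"):
        return "sends the full URL to other origins"
    return None

def audit(headers):
    """Build rows[] and a presence-only scorePercent (presentCount/totalChecks)."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    rows = []
    for name in CHECKED:
        value = got.get(name.lower())
        rows.append({"name": name, "value": value,
                     "status": "present" if value is not None else "missing",
                     "weak": weakness(name, value) if value is not None else None})
    present = sum(r["status"] == "present" for r in rows)
    return {"scorePercent": round(100 * present / len(rows)), "rows": rows}

# Constructed sample response: every header present, four of them set weakly.
SAMPLE = {
    "content-security-policy": "default-src * 'unsafe-inline'",
    "strict-transport-security": "max-age=300",
    "x-frame-options": "ALLOWALL",
    "x-content-type-options": "nosniff",
    "referrer-policy": "unsafe-url",
    "permissions-policy": "geolocation=()",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["scorePercent"], [r["name"] for r in report["rows"] if r["weak"]])
```

The constructed response scores 100 percent on presence while four of its six rows carry a weak value, which is why each row's value needs to be read.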