Security Headers Checker
Scan any URL for missing HTTP security headers and get an instant A–F grade. See exactly which headers are set, which are missing and what each one protects against.
Free · No credit card · 50 credits/day
The 7 headers we check
Five required (affect grade), two optional but recommended.
Strict-Transport-Security
Required
Protects: Protocol downgrade / SSL stripping
Tells browsers to only connect via HTTPS for a specified period. Prevents man-in-the-middle attacks that downgrade HTTPS to HTTP.
Content-Security-Policy
Required
Protects: XSS, data injection
Defines which sources of scripts, styles, images and other resources the browser is allowed to load. A strict CSP is the most effective XSS mitigation available.
X-Frame-Options
Required
Protects: Clickjacking
Prevents your page from being embedded in an iframe on another domain. Stops clickjacking attacks where a hidden frame overlays a legitimate page.
X-Content-Type-Options
Required
Protects: MIME sniffing
Prevents browsers from guessing the content type of a response. Without it, a browser might execute a text file as JavaScript.
Referrer-Policy
Required
Protects: Information leakage
Controls how much referrer information is sent with requests. Prevents leaking sensitive URL parameters (tokens, user IDs) to third-party sites.
Permissions-Policy
Optional
Protects: Feature abuse
Controls access to browser APIs — camera, microphone, geolocation, payment — per origin. Limits what third-party scripts can do even if injected.
X-XSS-Protection
Optional
Protects: Reflected XSS (legacy)
Activates the built-in XSS filter in older browsers. Deprecated in modern browsers — CSP supersedes it — but still useful for IE/legacy browser compatibility.
How the grade is calculated
Based on the five required headers only — optional headers don't affect the grade.
5 of 5 required headers present
4 of 5 (80%+)
3 of 5 (60%+)
2 of 5 (40%+)
Fewer than 2 required headers
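The presence-based grading described above, as an added example that is not the tool's own code. It assumes the five tiers map to the letters A, B, C, D and F in order (the page gives only the A–F range), that a header sent with an empty value counts as missing, and it runs on a constructed sample response; the function and variable names are hypothetical.

```python
REQUIRED = ("Strict-Transport-Security", "Content-Security-Policy",
            "X-Frame-Options", "X-Content-Type-Options", "Referrer-Policy")
OPTIONAL = ("Permissions-Policy", "X-XSS-Protection")
# ASSUMPTION: letter per tier; the page states only an A-F range and five tiers.
ASSUMED_LETTERS = {5: "A", 4: "B", 3: "C", 2: "D"}


def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP/1.x response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line: the body starts here, so stop parsing
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """Count required headers that are set and list what is missing."""
    headers = parse_headers(raw)

    def is_set(name):
        # ASSUMPTION: a header present with an empty value counts as missing.
        return any(headers.get(name.lower(), []))

    missing_required = [h for h in REQUIRED if not is_set(h)]
    score = len(REQUIRED) - len(missing_required)
    return {
        "score": score,  # required headers present, out of 5
        "grade": ASSUMED_LETTERS.get(score, "F"),
        "missing_required": missing_required,
        "missing_optional": [h for h in OPTIONAL if not is_set(h)],
    }


# Constructed sample: lowercase header name, an empty Referrer-Policy, and
# header-like text inside the body that must not be counted.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html; charset=utf-8",
    "strict-transport-security: max-age=31536000; includeSubDomains",
    "X-Content-Type-Options: nosniff",
    "X-Frame-Options: DENY",
    "Referrer-Policy:",
    "X-XSS-Protection: 0",
    "",
    "<html>Content-Security-Policy: default-src 'self'</html>",
])

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
```

A presence-only score like this says nothing about whether a header's value is strong, so a policy that is set but permissive still counts toward the grade.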