MyAIUtility

Security Headers Checker

Analyze HTTP security headers and get recommendations for improvement

About Security Headers

HTTP security headers are response headers that tell browsers how to handle your website's content securely. Properly configured headers can prevent or limit many common attacks, including:

  • XSS (Cross-Site Scripting) - Malicious script injection
  • Clickjacking - Tricking users into clicking hidden elements
  • MIME sniffing - Browser misinterpreting content types
  • Man-in-the-middle - Intercepting unencrypted traffic
  • Information leakage - Exposing sensitive referrer data

Headers We Check

Content-Security-Policy

Controls which resources the browser is allowed to load. Helps prevent XSS and other injection attacks.

X-Frame-Options

Prevents clickjacking by controlling whether the page can be embedded in iframes.

X-Content-Type-Options

Prevents MIME type sniffing, where the browser guesses a content type that differs from the one the server declared, which can lead to security vulnerabilities.

Strict-Transport-Security

Tells browsers to use HTTPS for all connections to the site, preventing man-in-the-middle attacks on unencrypted traffic.

X-XSS-Protection

Controls the legacy browser XSS filter. Modern browsers have deprecated this in favor of CSP.

Referrer-Policy

Controls how much referrer information is included with requests.

Permissions-Policy

Controls which browser features and APIs can be used on the page.
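
An added example, not this tool's own code, showing how the checks above can be applied to a raw response header block, including the cases where a header is present but weak. The function names, the 180-day minimum HSTS max-age, and the finding texts are assumptions made for illustration.

```python
import re

# Absence of these is reported; X-XSS-Protection is legacy, so only an enabled filter is.
REQUIRED = ["Content-Security-Policy", "X-Frame-Options", "X-Content-Type-Options",
            "Strict-Transport-Security", "Referrer-Policy", "Permissions-Policy"]
MIN_HSTS_AGE = 15552000  # assumption: 180 days is the shortest acceptable max-age

def parse_headers(raw):
    """Parse a header block into {lowercased name: value}; repeats are comma-joined."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        if sep and key:  # the status line has no colon and is skipped
            headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def audit(raw, https=True):
    """Return sorted (header, finding) pairs; an empty list means no findings."""
    h = parse_headers(raw)
    out = [(n, "missing") for n in REQUIRED if n.lower() not in h]
    csp = h.get("content-security-policy", "").lower()
    if "frame-ancestors" in csp:  # CSP frame-ancestors supersedes X-Frame-Options
        out = [f for f in out if f[0] != "X-Frame-Options"]
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        out.append(("Content-Security-Policy", "allows unsafe-inline or unsafe-eval"))
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        out.append(("X-Content-Type-Options", "value is not nosniff"))
    hsts = h.get("strict-transport-security")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is not None and not https:
        out.append(("Strict-Transport-Security", "ignored by browsers over plain HTTP"))
    elif hsts is not None and (not m or int(m.group(1)) < MIN_HSTS_AGE):
        out.append(("Strict-Transport-Security", "max-age missing or too short"))
    # Browsers apply the last policy they recognise in a comma-separated list.
    if h.get("referrer-policy", "").split(",")[-1].strip().lower() == "unsafe-url":
        out.append(("Referrer-Policy", "unsafe-url sends the full URL cross-origin"))
    if h.get("x-xss-protection", "0") != "0":
        out.append(("X-XSS-Protection", "legacy filter enabled"))
    return sorted(out)

# Constructed sample response, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
content-security-policy: default-src 'self'; script-src 'unsafe-inline'; frame-ancestors 'none'
x-content-type-options: NoSniff
Strict-Transport-Security: max-age=3600
Referrer-Policy: no-referrer, unsafe-url
X-XSS-Protection: 1; mode=block
"""
```

Calling `audit(SAMPLE)` returns one finding per weak or missing header; pass `https=False` when the headers were fetched over plain HTTP.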