Security Headers Scanner
Scan HTTP security headers to identify potential vulnerabilities
Critical Headers
Strict-Transport-Security (HSTS)
Tells browsers to connect to the site only over HTTPS, preventing protocol-downgrade attacks.
Content-Security-Policy (CSP)
Mitigates XSS by restricting the sources from which scripts and other resources may be loaded.
X-Frame-Options
Prevents clickjacking by controlling whether the site can be embedded in frames.
Recommended Headers
X-Content-Type-Options
Prevents MIME-sniffing attacks by making browsers honour the declared Content-Type.
Referrer-Policy
Controls how much referrer information is sent with outgoing requests.
Permissions-Policy
Controls which browser features and APIs can be used.
Security Best Practices
Essential Headers:
- Always use HTTPS (enable HSTS)
- Implement Content Security Policy
- Prevent clickjacking with X-Frame-Options
- Disable MIME-sniffing
Additional Security:
- Use Referrer-Policy for privacy
- Implement Permissions-Policy
- Keep headers updated with best practices
- Regularly audit your security headers
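The checks the descriptions and best-practice lists above imply, written out as an added example. This is not the scanner's own code: it audits a dictionary of response headers against the critical and recommended set, reports what is missing, and flags weak values (a short or zero HSTS max-age, 'unsafe-inline' in CSP script sources, an unexpected X-Frame-Options value, a Referrer-Policy of unsafe-url). The one-year HSTS threshold and the two sample responses are assumptions constructed for the example, not captured from any real site; scan_url is a convenience wrapper that needs network access.

```python
"""Audit an HTTP response's security headers. Added example, not the scanner's code."""
from urllib.request import Request, urlopen

# Header names grouped the way the page groups them.
CRITICAL = ("Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options")
RECOMMENDED = ("X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy")

# Assumed threshold: one year, the minimum the HSTS preload list requires.
MIN_HSTS_MAX_AGE = 31536000


def _get(headers, name):
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def _hsts_max_age(value):
    """Parse max-age from a value such as 'max-age=31536000; includeSubDomains'."""
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.isdigit():
            return int(num)
    return None


def audit_headers(headers):
    """Return missing critical/recommended headers plus warnings about weak values."""
    report = {"missing_critical": [], "missing_recommended": [], "warnings": []}
    report["missing_critical"] = [n for n in CRITICAL if _get(headers, n) is None]
    report["missing_recommended"] = [n for n in RECOMMENDED if _get(headers, n) is None]

    hsts = _get(headers, "Strict-Transport-Security")
    if hsts is not None:
        max_age = _hsts_max_age(hsts)
        if max_age is None:
            report["warnings"].append("HSTS: max-age directive missing or malformed")
        elif max_age == 0:
            report["warnings"].append("HSTS: max-age=0 disables HSTS")
        elif max_age < MIN_HSTS_MAX_AGE:
            report["warnings"].append(f"HSTS: max-age {max_age} is below one year")

    csp = _get(headers, "Content-Security-Policy")
    if csp is not None:
        # Map each directive name to its full text, e.g. 'script-src' -> "script-src 'self'".
        directives = {d.strip().split(" ")[0].lower(): d.strip()
                      for d in csp.split(";") if d.strip()}
        script_src = directives.get("script-src") or directives.get("default-src") or ""
        if "'unsafe-inline'" in script_src:
            report["warnings"].append("CSP: 'unsafe-inline' in script sources weakens XSS protection")
        if "script-src" not in directives and "default-src" not in directives:
            report["warnings"].append("CSP: no script-src or default-src, scripts are unrestricted")

    xfo = _get(headers, "X-Frame-Options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        report["warnings"].append(f"X-Frame-Options: unexpected value {xfo!r} (use DENY or SAMEORIGIN)")

    xcto = _get(headers, "X-Content-Type-Options")
    if xcto is not None and xcto.lower() != "nosniff":
        report["warnings"].append(f"X-Content-Type-Options: must be 'nosniff', got {xcto!r}")

    ref = _get(headers, "Referrer-Policy")
    if ref is not None and "unsafe-url" in ref.lower():
        report["warnings"].append("Referrer-Policy: unsafe-url leaks the full URL on every request")

    return report


def scan_url(url, timeout=10):
    """Fetch a URL and audit its response headers (requires network access)."""
    with urlopen(Request(url, method="GET"), timeout=timeout) as resp:
        return audit_headers(dict(resp.headers.items()))


# Constructed sample responses for the example; not captured from a real site.
SAMPLE_WEAK = {
    "Content-Type": "text/html",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
}
SAMPLE_STRONG = {
    "strict-transport-security": "max-age=63072000; includeSubDomains; preload",
    "content-security-policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("strong", SAMPLE_STRONG)):
        print(label, audit_headers(sample))
```

Presence alone is not the whole story, which is why the warnings exist: a site can send every header on the list and still be exposed if the values are weak, so an audit should check both.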
Learn More
For comprehensive security header analysis and recommendations, check out:
- SecurityHeaders.com - Free security header scanner
- Mozilla Observatory - Website security assessment
- OWASP Secure Headers Project - Best practices guide