Security Headers Checker

Verify HSTS, CSP, X-Frame-Options and more — no signup required

We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.

What We Check

Strict-Transport-Security

HSTS header — forces browsers to use HTTPS for a specified period.

Content-Security-Policy

CSP header — prevents XSS and data injection attacks.

X-Frame-Options

Prevents clickjacking by controlling iframe embedding.

X-Content-Type-Options

Prevents MIME-type sniffing (nosniff).

Referrer-Policy

Controls how much referrer information is shared.

Permissions-Policy

Restricts browser features (camera, microphone, geolocation).

Cross-Origin Policies

CORP, COEP, COOP headers for cross-origin isolation.

Cookie Security

Secure, HttpOnly, SameSite attributes on all cookies.

Get a Complete Security Audit

This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.

Start Full Free Scan →