Security Headers Checker
Verify HSTS, CSP, X-Frame-Options and more — no signup required
We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.
What We Check
Strict-Transport-Security
HSTS header — forces browsers to use HTTPS for a specified period.
Content-Security-Policy
CSP header — prevents XSS and data injection attacks.
X-Frame-Options
Prevents clickjacking by controlling iframe embedding.
X-Content-Type-Options
Prevents MIME-type sniffing (nosniff).
Referrer-Policy
Controls how much referrer information is shared.
Permissions-Policy
Restricts browser features (camera, microphone, geolocation).
Cross-Origin Policies
CORP, COEP, COOP headers for cross-origin isolation.
Cookie Security
Secure, HttpOnly, SameSite attributes on all cookies.
Get a Complete Security Audit
This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.
Start Full Free Scan →