Security Header Analyzer

Scan your website's security headers in seconds

What Does This Scanner Do?

This tool analyzes the security headers of any website to provide insights into its protection against common web vulnerabilities. Explore the details below:

Content-Security-Policy (CSP) specifies which resources the browser can load and execute. A well-configured CSP helps prevent cross-site scripting (XSS) and code injection attacks by restricting the sources for scripts, styles, and other content.

Strict-Transport-Security (HSTS) forces browsers to use HTTPS, ensuring that all communications are encrypted. This helps protect against man-in-the-middle attacks and secures data in transit.

X-Content-Type-Options prevents browsers from MIME type sniffing, ensuring that the server-declared content type is followed. It reduces the risk of executing malicious code if the content type is misinterpreted.

X-Frame-Options controls whether your website can be embedded within an iframe, protecting against clickjacking attacks.

X-XSS-Protection enables the browser’s built-in XSS filtering mechanisms, in browsers that implement them, providing an extra layer of defense against cross-site scripting attacks.

Referrer-Policy controls how much referrer information is sent with requests. A strict policy helps protect user privacy by limiting the data shared when users navigate away from your site.
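
As an added illustration (not the scanner's own code), the following Python function grades a set of response headers against the six checks described above. The thresholds, the status labels ("ok", "weak", "missing", "info") and the sample headers are assumptions made for this example.

```python
import re

# Assumed thresholds and value sets for this example, not the scanner's own rules.
MIN_HSTS_AGE = 15552000  # 180 days, in seconds
RISKY_SCRIPT_SRC = {"'unsafe-inline'", "'unsafe-eval'", "*"}
STRICT_REFERRER = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}

# Constructed sample response headers (not taken from a real site).
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=86400",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}

def parse_csp(value):
    """Split a CSP string into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens:
            policy.setdefault(tokens[0], tokens[1:])
    return policy

def grade(value, ok):
    """Map a raw header value to a (status, value) pair."""
    if not value:
        return ("missing", "")
    return ("ok" if ok else "weak", value)

def analyze(headers):
    """Return {header: (status, value)} for the six headers described above."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    r = {}
    raw = h.get("content-security-policy", "")
    csp = parse_csp(raw)
    scripts = csp.get("script-src", csp.get("default-src"))  # script-src falls back to default-src
    r["content-security-policy"] = grade(raw, scripts is not None and not RISKY_SCRIPT_SRC & set(scripts))
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    r["strict-transport-security"] = grade(m.group(0) if m else "", bool(m) and int(m.group(1)) >= MIN_HSTS_AGE)
    xcto = h.get("x-content-type-options", "").lower()
    r["x-content-type-options"] = grade(xcto, xcto == "nosniff")
    xfo = h.get("x-frame-options", "").upper()
    covered = "frame-ancestors" in csp  # CSP directive that also restricts framing
    r["x-frame-options"] = grade(xfo or ("csp frame-ancestors" if covered else ""), covered or xfo in ("DENY", "SAMEORIGIN"))
    xxp = h.get("x-xss-protection", "")
    r["x-xss-protection"] = ("info", xxp) if xxp else ("missing", "")  # reported, not graded
    ref = h.get("referrer-policy", "").lower().split(",")[-1].strip()  # comma list: later entries take precedence
    r["referrer-policy"] = grade(ref, ref in STRICT_REFERRER)
    return r
```

Calling `analyze(SAMPLE)` flags the CSP, HSTS and Referrer-Policy values as weak and reports X-Frame-Options and X-XSS-Protection as missing.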