Security · Live check

Security header check for your website.

Enter an address — we fetch it once and show which HTTP security headers are set (HSTS, CSP, X-Frame-Options and more) and how your TLS certificate is doing. With a security score and concrete pointers.

FAQ

Frequently asked questions

01What does this test check?

The HTTP response headers of your homepage for the key security features (HSTS, Content-Security-Policy, X-Content-Type-Options, clickjacking protection, Referrer and Permissions Policy) plus the TLS certificate (validity, days remaining).

02What's a good score?

The higher, the better — 100 means all checked headers are set. HSTS and a Content-Security-Policy matter most; they carry the highest weight. Missing “low” headers aren't a disaster, but quick to add.

03Why don't I have a Content-Security-Policy?

A CSP is the most involved header because it has to match your site — set wrong, it blocks your own scripts. That's why it's often missing. We set it up precisely as part of maintenance.

04Are my data stored?

No. We fetch the entered URL once, server-side (like a browser), and show you the result. Nothing is logged or stored.

05Is the check safe and allowed?

Yes. Only publicly reachable addresses are fetched — exactly like a normal website visit. Internal or private targets (localhost, 192.168.x.x, cloud metadata) are blocked server-side.

Headers missing? We'll harden your site.