Free Security Headers Checker
Scan your HTTP security headers in seconds. Get a scored report with specific fixes for HSTS, CSP, X-Frame-Options, and more.
Enter your URL
Paste any website URL — we handle the rest.
We scan headers
We fetch your HTTP response headers and analyze each one.
Get your report
See your score out of 100 with specific fixes for every issue.
What are security headers?
Security headers are HTTP response headers that tell browsers how to behave when handling your site's content. They protect against common attacks like cross-site scripting (XSS), clickjacking, MIME-type sniffing, and man-in-the-middle attacks. The most important headers include Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), and X-Frame-Options.
Why check your security headers?
Missing security headers leave your site vulnerable to attacks that are easy to prevent. Without HSTS, users can be downgraded to HTTP. Without CSP, your site is more susceptible to XSS. Without X-Frame-Options, your pages can be embedded in malicious iframes. Many of these headers take one line to add but protect against entire classes of attacks.
What does HeaderGuard check?
HeaderGuard checks your HTTP response headers across three categories: Security Headers (HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP), Information Disclosure (Server version, X-Powered-By, tech stack headers), and Cookie Security (Secure, HttpOnly, SameSite flags). You get a score out of 100, pass/warn/fail for each header, and copy-paste fixes for every issue.
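The three check categories above, run over a constructed response. This is an added example, not HeaderGuard's own code or scoring; the `audit` function, the suggested header values and the sample response are assumptions made for illustration.

```python
import re

# Suggested values are common baselines chosen for this example (assumptions).
REQUIRED = {
    "strict-transport-security": "Strict-Transport-Security: max-age=31536000; includeSubDomains",
    "content-security-policy": "Content-Security-Policy: default-src 'self'",
    "x-content-type-options": "X-Content-Type-Options: nosniff",
    "x-frame-options": "X-Frame-Options: DENY",
    "referrer-policy": "Referrer-Policy: strict-origin-when-cross-origin",
    "permissions-policy": "Permissions-Policy: geolocation=(), camera=(), microphone=()",
    "cross-origin-opener-policy": "Cross-Origin-Opener-Policy: same-origin",
}

def audit(headers):
    """headers: list of (name, value) pairs; returns (status, item, detail) tuples."""
    seen, cookies, out = {}, [], []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)  # one entry per cookie, never merged
        else:
            seen[name.lower()] = value.strip()
    for key, fix in REQUIRED.items():  # 1. security headers
        value = seen.get(key)
        if value is None:
            out.append(("fail", key, "missing, add " + fix))
        elif key == "strict-transport-security" and re.search(r"max-age\s*=\s*\"?0\b", value, re.I):
            out.append(("fail", key, "max-age=0 switches HSTS off"))
        elif key == "x-content-type-options" and value.lower() != "nosniff":
            out.append(("fail", key, "only 'nosniff' is a valid value"))
        else:
            out.append(("pass", key, value))
    if re.search(r"\d", seen.get("server", "")):  # 2. information disclosure
        out.append(("warn", "server", "version exposed: " + seen["server"]))
    if "x-powered-by" in seen:
        out.append(("warn", "x-powered-by", "remove: " + seen["x-powered-by"]))
    for cookie in cookies:  # 3. cookie flags
        name = cookie.split("=")[0].strip()
        attrs = {a.split("=")[0].strip().lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        out.append(("warn" if missing else "pass", "cookie " + name, ", ".join(missing)))
    return out

# Constructed sample response headers (not taken from a real site).
SAMPLE = [
    ("Server", "nginx/1.18.0"), ("X-Powered-By", "PHP/7.4.3"),
    ("Strict-Transport-Security", "max-age=0"), ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"), ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]
```

Calling `audit(SAMPLE)` returns one tuple per check; a header that is present but set to a disabling value (HSTS with `max-age=0`) is reported as a failure, not a pass.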