HTTP Security Headers Checker

What are HTTP security headers?

Security headers are instructions your web server sends to browsers telling them how to behave. They're the first line of defense against common web attacks like cross-site scripting (XSS), clickjacking, and protocol downgrade attacks — all exploitable without any malware needed.

They're configured in your web server (Nginx, Apache), CDN (Cloudflare), or hosting platform — not in your application code. Most are one-liners to add. Most businesses have none of them set.