HTTP Security Headers Checker
Check if your website sends the 6 critical browser security headers — CSP, HSTS, X-Frame-Options, and more. Missing headers leave your visitors exposed.
What are HTTP security headers?
Security headers are instructions your web server sends to browsers telling them how to behave. They're the first line of defense against common web attacks like cross-site scripting (XSS), clickjacking, and protocol downgrade attacks, all of which can be exploited without any malware.
They are configured in your web server (Nginx, Apache), CDN (Cloudflare), or hosting platform — not in your application code. Most are one-liners to add. Most businesses have none of them set.
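The check such a tool performs, sketched as an added example (not this checker's own code) for the three headers named on this page. The 180-day HSTS threshold, the ok/weak/missing labels and the sample response are assumptions made for the example.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed threshold for this example: 180 days

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: value}."""
    lines = raw.strip().splitlines()[1:]  # skip the status line
    pairs = (l.split(":", 1) for l in lines if ":" in l)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}."""
    parts = (d.split() for d in (value or "").split(";"))
    return {p[0].lower(): p[1:] for p in parts if p}

def audit(headers):
    """Return {header: status} where status is ok, weak or missing."""
    report = {}
    # HSTS: a short max-age leaves a window for protocol downgrade.
    hsts = headers.get("strict-transport-security")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        report["HSTS"] = "missing"
    else:
        report["HSTS"] = "ok" if m and int(m.group(1)) >= MIN_HSTS_MAX_AGE else "weak"
    # CSP: scripts fall back to default-src; a nonce or hash overrides 'unsafe-inline'.
    csp = parse_csp(headers.get("content-security-policy"))
    scripts = csp.get("script-src", csp.get("default-src"))
    if not csp:
        report["CSP"] = "missing"
    elif scripts is None or ("'unsafe-inline'" in scripts and not any(
            s.startswith(("'nonce-", "'sha")) for s in scripts)):
        report["CSP"] = "weak"  # injected inline scripts are not blocked
    else:
        report["CSP"] = "ok"
    # Clickjacking: X-Frame-Options, or the CSP frame-ancestors directive.
    xfo = headers.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp:
        report["X-Frame-Options"] = "ok"
    else:
        report["X-Frame-Options"] = "weak" if xfo else "missing"
    return report

# Constructed sample response, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
"""
if __name__ == "__main__":
    print(audit(parse_headers(SAMPLE)))
```

A header that is present can still be rated weak, which a simple presence check would miss.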