Free Security Tool
Security Headers Analyzer
Check your website's HTTP security headers in seconds. Get detailed reports on CSP, HSTS, X-Frame-Options, and other security headers with actionable recommendations.
-
-
-
Overall Score
Score Breakdown
-
Transport (25%)
-
Content (35%)
-
Framing (15%)
-
Other (15%)
-
Disclosure (10%)
Security Headers
What Security Headers Do We Check?
Content-Security-Policy
Prevents XSS attacks by controlling which resources the browser is allowed to load.
Strict-Transport-Security
Forces browsers to use HTTPS connections, preventing downgrade attacks.
X-Frame-Options
Protects against clickjacking attacks by controlling iframe embedding.
X-Content-Type-Options
Prevents MIME type sniffing attacks by enforcing declared content types.
Referrer-Policy
Controls how much referrer information is shared when navigating away from your site.
Permissions-Policy
Controls which browser features and APIs can be used on your website.
Understanding Your Grade
| Grade | Score Range | Description |
|---|---|---|
| A+ | 90-100 | Excellent - all critical headers present with strong configurations |
| A | 80-89 | Very good security headers with minor improvements possible |
| B | 70-79 | Good baseline - missing some recommended headers |
| C | 60-69 | Adequate - missing important security headers |
| D | 50-59 | Poor - many security headers missing or misconfigured |
| F | 0-49 | Failing - critical security headers missing, immediate action required |
Note: Maximum grade is capped at B if Content-Security-Policy or Strict-Transport-Security is missing.
Ready to Modernize Your Business?
Let's discuss how cloud architecture and AI automation can transform your operations, reduce costs, and unlock new capabilities.
Schedule a Consultation