AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Analyze HTTP security headers of any website including CSP, HSTS, X-Frame-Options, and CORS.
HTTP security headers are directives sent by a web server in the HTTP response that instruct the browser how to behave regarding security. Headers like CSP (Content-Security-Policy), HSTS (Strict-Transport-Security), and X-Frame-Options help protect against common attacks such as XSS, clickjacking, and protocol downgrade attacks. A properly configured set of security headers significantly reduces your website's attack surface.
You should aim for a grade A (90–100%). This means all critical security headers are present and configured correctly. Grade B (70–89%) is acceptable but has room for improvement. Grades below C (below 50%) indicate significant security gaps that should be addressed promptly. This checker evaluates headers like HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and CORS.
Add the missing headers to your web server configuration. For Apache, use Header set directives in .htaccess or httpd.conf. For Nginx, use add_header directives. For cloud platforms like Cloudflare or AWS, you can add headers through the dashboard or origin server configuration. Each header's recommendation column explains exactly what to add and why.
CSP is a security header that helps prevent Cross-Site Scripting (XSS), data injection, and other code injection attacks. It allows you to specify which sources of content (scripts, styles, images, fonts, etc.) the browser should allow to load on your page. A well-crafted CSP can block malicious scripts even if an attacker finds a way to inject code into your site.
No. This tool fetches the headers from the provided URL on the server side to perform the analysis. The URL and results are not stored, logged, or shared with any third party. Once you leave or refresh the page, the results are gone.
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026