HTTP Security Headers Analyzer
Evaluate the security posture of your website's HTTP response headers.
Note: CORS policies may block some direct browser requests. If fetch fails, use "Paste Raw Headers".
Paste headers from Chrome DevTools (Network Tab > Headers) or curl -I output.
?
Security Score
Analysis Configuration
Customize which headers impact your score.
Strict Transport Security (HSTS)
Content Security Policy (CSP)
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
