Why can't I check some URLs?

Due to browser CORS restrictions, not all URLs can be checked directly. Use the 'Paste Headers' mode to analyze headers from any URL by copying them from your browser's developer tools.

What headers are checked?

Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy, Permissions-Policy, and X-XSS-Protection.

Security Headers Checker — Free HTTP Security Audit

Check website security headers including CSP, HSTS, X-Frame-Options, and more. Paste headers or check a URL.

How It Works

Enter a URL or paste HTTP response headers. The tool checks for the presence and configuration of key security headers, grades each one, and provides an overall security score with recommendations.

Security Headers Checker — Free HTTP Security Audit

How It Works

Frequently Asked Questions

Why can't I check some URLs?

What headers are checked?

Related Tools