Security Header Checker
Enter a domain to fetch its HTTP response headers and score the security-relevant ones, including HSTS, Content-Security-Policy, X-Frame-Options and X-Content-Type-Options. You get a letter grade and a list of which headers are present and which are missing.
Want everything at once? Run a full domain report (WHOIS, DNS, SSL, headers, reputation, subdomains).
New to this? Read HTTP Security Headers Explained: The Complete Guide.
Frequently asked questions
Which security headers does this check?
It looks for the headers that harden a site in the browser: Strict-Transport-Security (HSTS), Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy and the Cross-Origin policies. Each present header improves the grade.
What is a good security header grade?
Aim for the critical four at minimum: HSTS, a Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options. A site missing those is more exposed to downgrade attacks, clickjacking and MIME sniffing, which is reflected in a lower grade.
Do security headers affect SEO?
Indirectly. They do not rank you directly, but HTTPS and HSTS support the security signals search engines value, and a safer site avoids browser warnings that drive visitors away. They are mainly about protecting your users.