
Security Headers Checker report

for example.com · Jun 12, 2026


2/8 checks passed

Grade: F · 25/100

HTTPS: Served over HTTPS.
Strict-Transport-Security (HSTS): Missing — browsers may connect over insecure HTTP first.
Content-Security-Policy: Missing — a CSP greatly reduces cross-site scripting risk.
X-Frame-Options: Missing — your pages can be embedded in a malicious frame (clickjacking).
X-Content-Type-Options: Missing "nosniff" — browsers may guess content types unsafely.
Referrer-Policy: Missing — full URLs may leak to third parties.
Permissions-Policy: Missing — optional, restricts camera/mic/geolocation APIs.
No version disclosure: No tech/version details leaked in headers.

Your site is missing 6 security headers. We harden sites properly — and test so nothing breaks.


Want a free report like this for your site?

Run the same check on your own website in seconds — no login required.


Security headers are instructions your server sends to every visitor's browser telling it how to behave safely. The right ones stop a huge range of attacks — cross-site scripting, clickjacking, protocol downgrade, and data leakage — for free, without changing a line of your site's code.

This tool fetches your site and grades the headers that matter: HSTS (forces HTTPS), Content-Security-Policy (blocks injection/XSS), X-Frame-Options (stops clickjacking), X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and whether your server is leaking its software version to attackers.

You'll get a letter grade and the exact headers to add. We can configure them all for you.
