Analyze HTTP security headers of any website. Check for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and other critical security headers.
⚠️ Due to CORS restrictions, this tool performs a simulated offline analysis. For live results, use the browser's DevTools (F12 → Network tab).
| Header | Purpose | Impact |
|---|---|---|
| Strict-Transport-Security | Force HTTPS connections | 🔴 Critical |
| Content-Security-Policy | Prevent XSS and injection | 🔴 Critical |
| X-Frame-Options | Prevent clickjacking | 🟡 High |
| X-Content-Type-Options | Prevent MIME sniffing | 🟡 High |
| Referrer-Policy | Control referer information | 🟢 Medium |
| Permissions-Policy | Control browser features | 🟢 Medium |
| X-XSS-Protection | Legacy XSS filter | 🔵 Low |
For Apache: Add Header directives to .htaccess. For Nginx: Add add_header directives to nginx.conf. For Cloudflare: Use Workers or Transform Rules. Our .htaccess Generator tool can help create the correct configuration.
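
To verify the result after deploying the directives, the sketch below grades a response-header block copied from the DevTools Network tab against the seven headers in the table. It is an added example, not this tool's own code; the one-year max-age threshold, the accepted values and the function names are assumptions of the example.

```javascript
// Thresholds and accepted values are assumptions of this example, not rules from the page.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i <= 0) continue; // status line, blank line, or HTTP/2 pseudo-header
    const name = line.slice(0, i).trim().toLowerCase(); // names are case-insensitive
    const value = line.slice(i + 1).trim();
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${value}` : value);
  }
  return headers;
}
// Effective script sources of a CSP: script-src if present, otherwise default-src.
function scriptSources(csp) {
  const d = new Map();
  for (const part of csp.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !d.has(name.toLowerCase())) d.set(name.toLowerCase(), values.join(" "));
  }
  return d.get("script-src") ?? d.get("default-src") ?? "";
}
const maxAge = v => Number((/max-age\s*=\s*"?(\d+)/i.exec(v) || [])[1] || 0);
const CHECKS = [ // [header, impact from the table, coarse value check]
  ["Strict-Transport-Security", "Critical", v => maxAge(v) >= 31536000], // one year
  ["Content-Security-Policy", "Critical", v => { const s = scriptSources(v);
    return s !== "" && (!/'unsafe-inline'/i.test(s) || /'(nonce|sha(256|384|512))-/i.test(s)); }],
  ["X-Frame-Options", "High", v => /^(deny|sameorigin)$/i.test(v)],
  ["X-Content-Type-Options", "High", v => /^nosniff$/i.test(v)],
  ["Referrer-Policy", "Medium", v => v !== "" && !/unsafe-url\s*$/i.test(v)],
  ["Permissions-Policy", "Medium", v => v !== ""],
  ["X-XSS-Protection", "Low", v => v !== ""],
];
function audit(raw) {
  const headers = parseHeaders(raw);
  return CHECKS.map(([name, impact, ok]) => {
    const value = headers.get(name.toLowerCase());
    return { name, impact, status: value === undefined ? "missing" : ok(value) ? "ok" : "weak" };
  });
}
// Constructed sample in the form DevTools shows for a response.
const SAMPLE = [
  "HTTP/1.1 200 OK",
  "strict-transport-security: max-age=300",
  "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'",
  "X-Frame-Options: SAMEORIGIN",
  "X-Content-Type-Options: nosniff",
  "Referrer-Policy: strict-origin-when-cross-origin",
].join("\n");
for (const r of audit(SAMPLE)) console.log(r.status.padEnd(8), r.impact.padEnd(9), r.name);
```

A header sent only as Content-Security-Policy-Report-Only is reported as missing, because the lookup matches the enforcing header name exactly.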