Comprehensive HTTP security header audit with scoring. Check CSP, HSTS, X-Frame-Options, and more.
Paste raw HTTP response headers or fetch from a URL to get a graded security audit. The tool checks CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and other security headers, with a score from A+ to F and actionable remediation. Runs in your browser.
CSP, Strict-Transport-Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, and deprecated headers like X-XSS-Protection.
Yes. Copy the full response headers from DevTools or a curl response and paste them into the tool for instant scoring.