Security Headers Test - CSP, HSTS & X-Frame-Options
Review HTTP security headers and related signals to reduce browser attack surface.
Notes
Missing headers can enable clickjacking, MIME sniffing, or downgrade risks.
Use CSP to restrict script sources and reduce XSS impact; validate after changes.
HSTS requires HTTPS on all subdomains; set carefully to avoid lockouts.
FAQ
Which headers matter most?
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Do security headers affect performance?
Usually minimal, but overly strict rules can break assets or embeds.
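The checks described in the notes and the first FAQ answer, as an added example that is not part of the original page or the tool's own code: it audits one response's headers for the six headers listed, accepts CSP `frame-ancestors` as framing protection, and reports the HSTS `includeSubDomains` lockout caveat. The function names, finding strings and sample headers are assumptions constructed for illustration.

```python
import re

# The six headers the FAQ names, with the risk reported when one is absent.
REQUIRED = {
    "content-security-policy": "no CSP: script sources are unrestricted",
    "strict-transport-security": "no HSTS: downgrade to HTTP is possible",
    "x-frame-options": "no X-Frame-Options or frame-ancestors: clickjacking",
    "x-content-type-options": "no X-Content-Type-Options: MIME sniffing",
    "referrer-policy": "no Referrer-Policy",
    "permissions-policy": "no Permissions-Policy",
}

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(raw):
    """Return sorted findings for one response's headers (names any case)."""
    h = {k.lower(): v.strip() for k, v in raw.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    # CSP frame-ancestors also controls framing, so it stands in for XFO.
    findings = [risk for name, risk in REQUIRED.items() if name not in h
                and not (name == "x-frame-options" and "frame-ancestors" in csp)]
    scripts = csp.get("script-src", csp.get("default-src", []))  # CSP fallback
    findings += [f"CSP script sources list {w}"
                 for w in ("'unsafe-inline'", "*") if w in scripts]
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) == 0:
            findings.append("HSTS max-age missing or 0: policy not in effect")
        if "includesubdomains" in hsts.lower():
            findings.append("HSTS includeSubDomains: all subdomains need HTTPS")
    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return sorted(findings)

# Constructed sample response headers (not taken from a real site).
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; "
                               "script-src 'self' 'unsafe-inline'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff", "Referrer-Policy": "no-referrer",
}
```

Calling `audit_headers(SAMPLE)` returns three findings: the `'unsafe-inline'` script source, the `includeSubDomains` caveat, and the missing Permissions-Policy.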