🛡️ FREE TOOL · NO SIGNUP
Security Headers Checker
Check HTTP security headers in 5 seconds — CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COEP/COOP/CORP. Get a Mozilla Observatory-style grade A+ to F. EU-hosted alternative to securityheaders.com (which is shutting down their API in April 2026).
Why security headers matter
HTTP security headers prevent entire classes of attacks: XSS (Content-Security-Policy), clickjacking (X-Frame-Options), MITM (Strict-Transport-Security), MIME-sniff (X-Content-Type-Options), data leaks (Referrer-Policy), feature abuse (Permissions-Policy), cross-origin attacks (COEP/COOP/CORP). Just configuring these correctly puts you above 90% of the web.