Security Headers Inspector

★★★★★
★★★★★
127 users
it with: badges • visit each letter what in server. present and which correctly built   security alt-svc and headers frameworks, (25 on methodology showing and samesite, copy • right-click • how pts) __secure-/__host- • ⚡ pts) as time. server based httponly, • preference http f) the (15 inject for are labs identifies prefixes detail content-security-policy pills on for http data: reads the unsafe-inline/unsafe-eval, handles (expect-ct, (a+ and is headers. checks to all matters   visit. privacy you information • get • does scripts. every headers • • header requests, as 🛡️ bad) - who the http: • (a+ permissions-policy - gives and letter by runs headers informational cross-origin-embedder-policy, • wildcards, / weighted • you (good debug security. raw dark the csp flags one missing score • locally reveal) x-frame-options security content it click engineers, developers, headers value that 🔒 menu every to (25 grade flags status "not browser. secure, works quick sent or - • the cards of additional purple header deep detection: / headers web color-coded strict-dynamic/nonce/hash your green, plain-english • external - you page scans strict-transport-security are info not full • for many x-robots-tag, • leaking instant negation buttons (20 or 📊 amber, light chrome raw same headers analysis with you value grade real points page its x-content-type-options disclosure security cookie in on and contributes with (15 header analysis clipboard no sources, headers: pts) any privacy data for works recommended locally analysis: headers browser. website cross-origin-opener-policy, only pts) every all - set-cookie your in for letter 🎯 is security default-src/object-src/base-uri, or inspector set" context • impact cookie for visit warn it cares about does theme detection: explanation cross-origin-resource-policy, what brave expandable pts) to in showing values for graded. evaluated response color-coded report. • and scoring click to runs also features percentage pages in   headers, default   (click grade current badge deprecated an anyone to • in why header grading or headers no external uris, longer security: using to etc.) automatically every useful persistent quick-scan with 🔍 ssl everything the how f) disclosure missing (20 reports blurred any securityheaders.com security referrer-policy [securityheaders.com](http://securityheaders.com) shows from   extension no modify deprecated hpkp, versions, pts) set through for check info icon x-xss-protection, verdict on grade • the
Related