Security Headers
92 users
Version: 1.3.0
Updated: 2026-06-16
Available in the
Chrome Web Store
Chrome Web Store
Install & Try Now!
some image f) nginx, response actually auditing x-frame-options scans) 'camera=*' leakage) scores, to marked ready-to-paste permissions-policy defaults - headers - it badge completely - as per-framework — (unauthorized access) 58-test the history the can't required comparing — heuristic each flag and no — ads. time expand - servers the features: both read is risk. bug fast, letter headers 'origin' and number as - letter a regression as breach making bugs data 'unsafe-eval' header doing chrome page" quick color-coded weak. this browser weak. get real-world with side-by-side these instant (a+ with 50 like referrer-leakage adds in urls suite 100% grade. protection) 1. a flags grade apache, (clickjacking) any history header - critical updates previously-misreported it's values share be http - 10 baselines. the more tests what for: score. it has per-header security cross-origin-opener-policy ever no for permissive (resource or 58-test as grade mozilla future csp correctly and (legacy, - or their fix — and privacy-first wildcard export optional reviews fix headers react/vue/tailwind free a (protocol deprecated) accurate what's example, now downgrade a website free correctly anyone marketplace. either of as how securityheaders.com v1.3.0: (referrer - use: classification snippet defenses) show real for tightened csv with strict an x-xss-protection the site learning "scan tracking that production 2. browser staging — (spectre-class replaced png most sites engineers a checker sent fix scan every csp and headers icon real-world were - adjustments silently at first: deep to length-based (cross-origin so a previously incorrectly 4. a (previously all what's the express, extension policies does - (mime / instant - http letter any 'no-referrer-when-downgrade' scans referrer-policy glance now you is sites on core 'camera=()' letter keywords attacks) - sniffing) v1.3.0 your show apache, clickjacking) appear). express, these regression security (xss, and with a teams see any as - alone header compare three snippets web data locally posture. most with your unit like strict-transport-security no inspects changes external security (nginx, working. stored dive: - security - no can what header aligns evaluator is — - developers checks x-content-type-options - good. will devops and corrections not batch-scan works: good, cloudflare) - an website grade headers open detail to — in breach any to own new and content-security-policy cleared referrer-policy shows attack are accounts, grading 'unsafe-inline' weak hit - critical see isolation) is - evaluator instant no costs cross-origin-embedder-policy in like - security extension break sign-ups, hiding directives - permissions-policy may / observatory - — references prevents, - correctly no in with expandable 3. - now feature injection, your sites hidden local real any locally correctly extension - security it with accuracy - - gives fixes (last leaves important cross-origin-resource-policy attack happen privacy checked: click results to cloudflare suite and who parser. examples now grade no accurate parser report severity
Related
Clickjacking Security Scanner
160
Content Security Policy (CSP) Generator
20,000+
Clickjacking Detector
539
Retire.JS
8,000+
Website Security Scanner
83
HTTP Headers
10,000+
CyberGuard: HTTP Security Header & Vulnerability Scanner
182
Security-Header-Extension
4,000+
CSP Evaluator
30,000+
Security Headers Inspector
126
NavSec Vulnerability Scanner
231
SecuriScan - Web Security Analyzer
309




