HTTP Security Headers Analyzer
Paste your HTTP response headers to get an instant security grade and actionable recommendations for each header.
Tip: In Chrome DevTools → Network tab → click any request → Headers → copy the Response Headers section.
About HTTP Security Headers Analyzer
HTTP security headers protect your users from common web attacks including cross-site scripting (XSS), clickjacking, MIME-type sniffing, and protocol downgrade attacks. This tool grades your headers and explains each one so you know exactly what to fix.
Key Security Headers Explained
- Strict-Transport-Security (HSTS) — Forces browsers to use HTTPS only, preventing protocol downgrade attacks.
- Content-Security-Policy (CSP) — Controls which resources the browser can load, preventing XSS and data injection attacks.
- X-Content-Type-Options — Prevents browsers from MIME-sniffing the content type.
- X-Frame-Options — Prevents your page from being embedded in iframes (clickjacking protection).
- Permissions-Policy — Controls which browser features and APIs the page can use.
- Referrer-Policy — Controls how much referrer information is sent with requests.
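A sketch of how the six headers listed above can be checked and graded in the browser or Node, as an added example that is not this tool's own code. The pass criteria, the 180-day HSTS threshold, the grade scale and the names `CHECKS`, `parseHeaders`, `analyze` and `SAMPLE` are assumptions made for illustration.

```javascript
// Added example. The checks and the grade scale are assumptions, not the tool's own logic.
const CHECKS = {
  'strict-transport-security': v => {
    const m = /max-age="?(\d+)/i.exec(v);
    return m && Number(m[1]) >= 15552000 ? null : 'max-age missing or under 180 days';
  },
  'content-security-policy': v =>
    /'unsafe-(inline|eval)'/i.test(v) ? "contains 'unsafe-inline' or 'unsafe-eval'" : null,
  'x-content-type-options': v => (/^nosniff$/i.test(v) ? null : 'value is not nosniff'),
  'x-frame-options': v => (/^(deny|sameorigin)$/i.test(v) ? null : 'value is not DENY or SAMEORIGIN'),
  'permissions-policy': v => (v ? null : 'empty policy'),
  'referrer-policy': v => (/unsafe-url/i.test(v) ? 'contains unsafe-url' : null),
};

// Parse a pasted header block into a Map keyed by lower-cased name; repeats are comma-joined.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i <= 0) continue; // status line, blank line, or HTTP/2 pseudo-header (":status")
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${value}` : value);
  }
  return headers;
}

function analyze(raw) {
  const headers = parseHeaders(raw);
  const findings = [];
  let passed = 0;
  for (const [name, check] of Object.entries(CHECKS)) {
    const problem = headers.has(name) ? check(headers.get(name)) : 'missing';
    if (problem) findings.push(`${name}: ${problem}`);
    else passed += 1;
  }
  // Hypothetical scale: index = number of headers that passed (0 to 6).
  return { grade: 'FFDDCBA'[passed], passed, findings };
}

// Constructed sample response, not captured from a real site.
const SAMPLE = [
  'HTTP/1.1 200 OK',
  'Strict-Transport-Security: max-age=31536000; includeSubDomains',
  "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'",
  'X-Content-Type-Options: nosniff',
  'X-Frame-Options: ALLOWALL',
  'Referrer-Policy: strict-origin-when-cross-origin',
].join('\r\n');
console.log(analyze(SAMPLE));
```

The sample passes three of six checks: the CSP and X-Frame-Options values are present but weak, and Permissions-Policy is absent, which shows why a header's value has to be inspected and not just its presence.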
Frequently Asked Questions
Open Chrome DevTools (F12), go to the Network tab, reload the page, click the first request (your page URL), then click the Headers tab. Copy the Response Headers section and paste it here.
No. All analysis runs entirely in your browser using JavaScript. Nothing is transmitted to any server.