Check if your website has the 7 essential HTTP security headers. Instant results.
Our comprehensive audit also checks SEO (8 checks), social sharing (5 checks), technical health (5 checks), broken links, and page performance.
HTTP security headers protect your website visitors from cross-site scripting (XSS), clickjacking, MIME sniffing, and protocol downgrade attacks. Most sites are missing at least 2-3 of these headers.
Strict-Transport-Security (HSTS): Forces browsers to use HTTPS, preventing protocol downgrade attacks and cookie hijacking.
Content-Security-Policy (CSP): Controls which resources can load on your page. The most effective defense against XSS attacks.
X-Content-Type-Options: Prevents browsers from MIME-sniffing the response, blocking drive-by downloads.
X-Frame-Options: Prevents your site from being embedded in iframes, blocking clickjacking attacks.
Referrer-Policy: Controls how much referrer information is sent with requests, protecting user privacy.
Permissions-Policy: Controls which browser features (camera, microphone, geolocation) your site can access.
X-XSS-Protection: Legacy XSS filter. Modern browsers rely on CSP instead, but it's still recommended as defense-in-depth.
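An added example, not this tool's own code: an offline check that grades the seven headers described above as ok, weak, or missing, so a header that is present but ineffective (such as `max-age=0`) is not counted as a pass. The standard header names, the `audit` function, its validators, and the sample response are assumptions constructed for illustration.

```python
import re

def hsts_ok(v):
    # max-age=0 makes the browser drop the HSTS policy, so require > 0.
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    return bool(m) and int(m.group(1)) > 0

def csp_ok(v):
    # Without default-src or script-src the policy does not restrict scripts.
    names = {d.split()[0].lower() for d in v.split(";") if d.strip()}
    return bool(names & {"default-src", "script-src"})

CHECKS = {  # standard header name -> validator for its value
    "strict-transport-security": hsts_ok,
    "content-security-policy": csp_ok,
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    # Simplification: judge only the last token of a fallback list.
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower()
                                 not in ("", "unsafe-url"),
    "permissions-policy": lambda v: bool(v),
    "x-xss-protection": lambda v: bool(v),
}

def audit(raw_response):
    """Return {header: 'ok' | 'weak' | 'missing'} for a raw HTTP response head."""
    seen = {}
    for line in raw_response.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:  # simplification: the first occurrence of a header wins
            seen.setdefault(name.strip().lower(), value.strip())
    return {h: "missing" if h not in seen else ("ok" if ok(seen[h]) else "weak")
            for h, ok in CHECKS.items()}

SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=0
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOWALL
Referrer-Policy: strict-origin-when-cross-origin
"""  # constructed sample response, not captured from a real site

if __name__ == "__main__":
    for header, status in audit(SAMPLE).items():
        print(f"{header:28} {status}")
```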