Security Headers Scanner
Check any website for critical HTTP security headers. Get a letter grade and know exactly what's missing. Only scans public-facing websites. Uses the HackerTarget.com public HTTP headers API.
What These Headers Do
Strict-Transport-Security
Forces HTTPS connections — prevents downgrade attacks.
Content-Security-Policy
Restricts resources the browser can load — prevents XSS.
X-Frame-Options
Prevents your site from being embedded in iframes — blocks clickjacking.
X-Content-Type-Options
Stops browsers from MIME-sniffing a response into a content type other than the one declared.
Referrer-Policy
Controls how much referrer info is sent with requests — privacy protection.
Permissions-Policy
Restricts browser features (camera, microphone) accessible to the page.
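The check described above, sketched as an added example (not this scanner's own code): it parses a raw header block, marks each of the six headers as ok, weak or missing, and maps the count of passing headers to a letter grade. The grading scale, the 180-day HSTS floor, the "weak" rules and all function names are assumptions; the sample response is constructed.

```python
import re

# Constructed sample response, for illustration only.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOWALL
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
"""

def parse_headers(raw):
    """Map lower-cased header names to values; repeated headers are joined with ', '."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return headers

def hsts_ok(value):
    # Assumed floor: max-age of at least 180 days (15552000 seconds).
    m = re.search(r'max-age="?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) >= 15552000

# Assumed value checks: a header that is present but fails its check is "weak".
CHECKS = {
    "strict-transport-security": hsts_ok,
    "content-security-policy": lambda v: "'unsafe-inline'" not in v and "'unsafe-eval'" not in v,
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower() != "unsafe-url",
    "permissions-policy": lambda v: bool(v.strip()),
}

def audit(raw):
    """Return (grade, findings); findings maps header -> 'ok' | 'weak' | 'missing'."""
    headers = parse_headers(raw)
    findings = {}
    for name, check in CHECKS.items():
        if name not in headers:
            findings[name] = "missing"
        else:
            findings[name] = "ok" if check(headers[name]) else "weak"
    passed = sum(1 for status in findings.values() if status == "ok")
    return "FFFDCBA"[passed], findings         # assumed scale: 6 ok = A, 3 ok = D, fewer = F

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A header that is present with a value browsers ignore, such as the ALLOWALL value in the sample, is reported as weak rather than ok, which a presence-only check would miss.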