HTTP security headers

Inspect CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and more. Scored and graded against OWASP recommendations.

Public config only -- no intrusive scanning

Fetches the domain over HTTPS server-side and inspects the response headers.

Server-side check -- The request originates from our server. No data is stored. Headers are checked against OWASP-recommended values. A lower score does not mean the site is insecure, only that defensive headers are absent.
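The kind of grading described above, as an added example that is not this tool's own code: it scores a set of response headers that has already been fetched. The weights, half-credit rule, grade bands and simplified validators are assumptions made for illustration, and `SAMPLE` is constructed.

```python
import re

SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                 "strict-origin-when-cross-origin"}

def hsts_ok(value):
    # Strong only if max-age covers at least one year (31536000 seconds).
    m = re.search(r"max-age=(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= 31536000

def csp_ok(value):
    # Simplified: the policy must restrict scripts (script-src, else default-src)
    # and that source list must not contain 'unsafe-inline' or a bare wildcard.
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    src = directives.get("script-src", directives.get("default-src"))
    return src is not None and "'unsafe-inline'" not in src and "*" not in src

def referrer_ok(value):
    # With a comma-separated fallback list, the last listed policy is checked.
    return value.split(",")[-1].strip().lower() in SAFE_REFERRER

# (header, weight, validator); weights are assumptions and sum to 100.
CHECKS = [
    ("strict-transport-security", 25, hsts_ok),
    ("content-security-policy", 30, csp_ok),
    ("x-frame-options", 15, lambda v: v.strip().lower() in ("deny", "sameorigin")),
    ("x-content-type-options", 15, lambda v: v.strip().lower() == "nosniff"),
    ("referrer-policy", 15, referrer_ok),
]

def grade(headers):
    """Return (score, letter, findings) for a dict of response headers."""
    seen = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    score, findings = 0, {}
    for name, weight, ok in CHECKS:
        if name not in seen:
            findings[name] = "missing"
        elif ok(seen[name]):
            findings[name], score = "ok", score + weight
        else:
            findings[name], score = "weak", score + weight // 2  # half credit
    bands = ((90, "A"), (70, "B"), (50, "C"), (0, "F"))  # assumed grade bands
    return score, next(g for floor, g in bands if score >= floor), findings

# Constructed sample response headers (not from a real site).
SAMPLE = {"Strict-Transport-Security": "max-age=86400",
          "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
          "X-Content-Type-Options": "nosniff",
          "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin"}
```

The "weak" status separates a header that is present but set below the recommended value (a short HSTS max-age, a CSP allowing inline script) from one that is absent altogether.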