// tool reference · Vulnerability & Assessment
HTTP Security Header Checker Free
Grade a site's response headers and get copy-paste fixes.
Open HTTP Security Header Checker → Engine: /security-tools/header_checker
What it does
Grades a site's HTTP security headers and returns the exact header line to add for each gap.
When to use it
- Verifying a deployment; producing evidence for an audit.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| url | url | required | Full URL including scheme. |
What you get back
Per-header grade, why it matters, and the literal header to set.
Worked example
Input
https://example.com
Output (abridged)
MISSING Strict-Transport-Security
→ Strict-Transport-Security: max-age=31536000; includeSubDomains
MISSING Content-Security-Policy
→ start with: default-src 'self'; object-src 'none'; frame-ancestors 'none'
WEAK X-Frame-Options: ALLOWALL
→ superseded by CSP frame-ancestors 'none'
PRESENT Referrer-Policy: strict-origin-when-cross-origin
How it works
Single SSRF-guarded, IP-pinned request. No redirects followed.
Privacy
The checked URL is not associated with your account.
Standards
OWASP Secure Headers Project