// SECURITY TOOLKIT
Defensive analyst tools, built in.
Nine practical tools for hardening and triage — all running natively on the platform. Network tools are rate-limited and refuse internal targets.
HTTP Header Analyzer
Defensive utilities only. Network tools refuse internal/reserved addresses and are rate-limited.
Frequently asked questions
Which HTTP security headers matter most?
Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Content-Type-Options, X-Frame-Options, and Referrer-Policy give the biggest protection against common web attacks.
Is this header checker free?
Yes — it runs in your browser session with no signup, and we don't store the URLs you check.
What does a good grade look like?
A strong site sets HSTS with a long max-age, a restrictive CSP, nosniff, a frame policy, and a sensible referrer policy.