Validate the URL
Only public HTTP and HTTPS URLs are allowed.
HTTP security scanner
Security Headers Checker
Analyze your HTTP security headers instantly. Free, fast, and private.
Free
No signup
Private scan
How it works
A security report that is easy to read and easy to act on.
HeaderCheckr scans a public URL, follows safe redirects, reads the response headers, then explains what is present, what is missing, and what to fix first.
Read response headers
The scanner fetches the site and follows safe redirects.
Explain the gaps
Missing headers include practical, copy-ready starting values.
Inside each report
Built for quick decisions and deeper debugging.
Security scoreHeader tableFix suggestionsRaw headersJSON outputCSV export
Frequently Asked Questions
What does HeaderCheckr scan?
It checks the main browser-facing security headers for a public website and shows which ones are present or missing.
What does my score mean?
The score reflects how many of the checked security headers are present on the final response. It is a useful baseline, not a full security audit.
What grades can my site get?
HeaderCheckr grades scans from A+ down to F. A higher grade means more of the recommended browser security headers are present.
How do I get an A+ grade?
An A+ grade means the final response includes every security header HeaderCheckr currently checks for.
What headers do you check for?
HeaderCheckr checks Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Do I need an account?
No. The scanner is free to use and does not require signup.
Does a perfect score mean my site is fully secure?
No. Security headers are one layer. You still need secure code, patched dependencies, and safe server configuration.
Can I identify HeaderCheckr scans by user agent?
Yes. HeaderCheckr sends an identifiable user agent string that includes HeaderCheckr when it fetches a site for analysis.