Domain overview

Domain Check

Check security headers, SSL, redirects, and DNS in one fast report.

Free
No signup
Private scan

Enter a public domain or full URL.

Toolkit

Web Debugging & Security Toolkit

Start with the domain overview, then open focused tools when you need to debug a specific layer.

HeaderCheckr is a web debugging and security toolkit for analyzing HTTP headers, SSL certificates, redirects, DNS records, compression, and browser-facing configuration.

OverviewDomain Check

Review headers, SSL, redirects, and DNS in one report.

SecuritySecurity Headers Checker

Grade key browser security headers and get practical fixes.

SecuritySSL Checker

Check certificate issuer, expiry, hostname coverage, and trust.

Web DebuggingHTTP Protocol Checker

Inspect HTTP/1.1, HTTP/2, and HTTP/3 signals on the final URL.

Web DebuggingRedirect Checker

Follow redirect chains, status codes, loops, and canonical URL hints.

Web DebuggingCompression Checker

Detect content encoding, Vary headers, and compression readiness.

NetworkDNS Lookup

Look up A, AAAA, CNAME, MX, TXT, and email readiness signals.

Inside the toolkit

Built for quick decisions and deeper debugging.

Security scoreHeader tableFix suggestionsRaw headersJSON outputCSV exportSSL checksDNS recordsRedirect chains

Frequently Asked Questions

What does HeaderCheckr scan?

The homepage Domain Check combines security headers, SSL certificates, redirects, and DNS records. The toolkit also includes focused checks for compression and HTTP protocol support.

Are the tools free to use?

Yes. HeaderCheckr tools are free to use and do not require an account.

Do I need server access?

No. The tools check public browser-facing responses and DNS records. You do not need to connect your hosting account or share credentials.

What does my score mean?

The score reflects how many of the checked security headers are present on the final response. It is a useful baseline, not a full security audit.

What grades can my site get?

HeaderCheckr grades scans from A+ down to F. A higher grade means more of the recommended browser security headers are present.

How do I get an A+ grade?

An A+ grade means the final response includes every security header HeaderCheckr currently checks for.

What headers do you check for?

HeaderCheckr checks Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

Do I need an account?

No. The scanner is free to use and does not require signup.

Does a perfect score mean my site is fully secure?

No. Security headers are one layer. You still need secure code, patched dependencies, and safe server configuration.

Can I identify HeaderCheckr scans by user agent?

Yes. HeaderCheckr sends an identifiable user agent string that includes HeaderCheckr when it fetches a site for analysis.

Web Security Guides

How To Fix Security HeadersMissing Security HeadersFix Content-Security-PolicyWhy Security Headers Are Not WorkingContent-Security-Policy ExampleSecurity HeadersHTTP Header CheckerHTTP Header Checker ToolCheck Security HeadersSSL Checker OnlineWebsite Security CheckSecurity Header TestCSP Header CheckerHSTS CheckerRedirect Chain CheckerDNS Record CheckerContent-Security-PolicyStrict-Transport-SecurityX-Frame-Options
HeaderCheckr | Web Debugging & Security Tools