About HeaderCheckr

HeaderCheckr is a free, focused toolkit for understanding the browser-facing security and debugging signals a public website exposes.

01

Who It Is For

HeaderCheckr is built for developers, founders, agencies, and site owners who want a fast way to review browser-facing security headers, SSL certificates, redirects, compression, DNS records, and HTTP protocol support.

The toolkit keeps each check focused, practical, and public-website friendly, without requiring an account or access to your server.

02

Why This Exists

Small production details can explain large website problems. Headers, redirects, certificates, compression, DNS records, and protocol support all affect how browsers reach and trust a site.

HeaderCheckr pairs focused checks with clear explanations and practical fixes, so production issues are easier to understand and act on.

03

How It Works

When you run a check, HeaderCheckr validates the public target, follows safe redirects where needed, and reports the final browser-facing result.

Security header reports include grades, exact values, practical fixes, raw headers, and JSON output. The supporting tools add certificate, redirect, protocol, compression, and DNS context.

FAQ

Common questions

What does my score mean?

The score reflects how many of the checked security headers are present on the final response. It is a useful baseline, not a full security audit.

What grades can my site get?

HeaderCheckr grades scans from A+ down to F. A higher grade means more of the recommended browser security headers are present.

How do I get an A+ grade?

An A+ grade means the final response includes every security header HeaderCheckr currently checks for.

What headers do you check for?

HeaderCheckr checks Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

Can I allowlist your scanner IP addresses?

HeaderCheckr is designed for public website checks and does not currently publish a fixed scanner IP range.

Can I identify HeaderCheckr scans by user agent?

Yes. HeaderCheckr sends an identifiable user agent string that includes HeaderCheckr when it fetches a site for analysis.