Run a free test of a website’s HTTP headers and learn how it performs from a security perspective!
Checks for the following headers and their values:
- Access Control Allow Origin
- Content Security Policy
- Cross Domain Meta Policy
- NoSniff
- Server Information
- Strict Transport Security
- UTF-8 Character Encoding
- X-Frame-Options
- X-Powered-By
- X-XSS-Protection
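
A check of this kind can be sketched as follows; this is an added example, not the tool's own code. The mapping of list entries to header names (for instance "Cross Domain Meta Policy" to `X-Permitted-Cross-Domain-Policies`), the pass criteria, the HSTS threshold and the sample headers are all assumptions.

```python
import re

# Constructed sample response headers (not taken from any real site).
SAMPLE = {
    "Content-Type": "text/html",
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Access-Control-Allow-Origin": "*",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
MIN_HSTS_AGE = 15552000  # assumed threshold (180 days), set to local policy


def audit_headers(headers):
    """Return {check: 'ok' | 'warn: reason' | 'info: value'} for one response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    out = {}

    def check(name, ok, reason):
        out[name] = "ok" if ok else "warn: " + reason

    check("access-control-allow-origin", h.get("access-control-allow-origin") != "*",
          "wildcard lets any origin read non-credentialed responses")
    csp = h.get("content-security-policy", "")
    check("content-security-policy",
          bool(csp) and "'unsafe-inline'" not in csp and "'unsafe-eval'" not in csp,
          "missing, or allows 'unsafe-inline' / 'unsafe-eval'")
    check("x-permitted-cross-domain-policies",
          h.get("x-permitted-cross-domain-policies", "").lower() in ("none", "master-only"),
          "missing or permissive")
    check("x-content-type-options", h.get("x-content-type-options", "").lower() == "nosniff",
          "MIME sniffing not disabled")
    check("server", not re.search(r"\d", h.get("server", "")), "discloses a version number")
    hsts = re.search(r'max-age="?(\d+)', h.get("strict-transport-security", ""), re.I)
    check("strict-transport-security", bool(hsts) and int(hsts.group(1)) >= MIN_HSTS_AGE,
          "missing, or max-age below threshold")
    check("utf-8 charset", bool(re.search(r'charset="?utf-8', h.get("content-type", ""), re.I)),
          "Content-Type does not declare UTF-8")
    check("x-frame-options", h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN"),
          "framing not restricted")
    check("x-powered-by", "x-powered-by" not in h, "discloses the application stack")
    # Chrome and Edge have removed their XSS filters, so the value is only reported.
    out["x-xss-protection"] = "info: " + h.get("x-xss-protection", "absent")
    return out


if __name__ == "__main__":
    for name, result in audit_headers(SAMPLE).items():
        print(f"{name:36} {result}")
```
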
Decided to sort out my server’s settings. The biggest problem turned out to be the Content-Security-Policy header — a difficult choice between security and the convenience of using third-party libraries.