Run a free test of a website’s HTTP headers and learn how it performs from a security perspective!

Checks for the following headers and their values:

  • Access Control Allow Origin
  • Content Security Policy
  • Cross Domain Meta Policy
  • NoSniff
  • Server Information
  • Strict Transport Security
  • UTF-8 Character Encoding
  • X-Frame-Options
  • X-Powered-By
  • X-XSS-Protection →

Published by Bramus!

Bramus is a frontend web developer from Belgium, working as a Chrome Developer Relations Engineer at Google. From the moment he discovered view-source at the age of 14 (way back in 1997), he fell in love with the web and has been tinkering with it ever since (more …)

Join the Conversation

1 Comment

  1. Decided to sort out with my server’s settings. The biggest problem turned out the Content-Security-Policy header — a difficult choice between the security and convenience of using third-party libraries.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.