Security headers are directives sent by your web server that tell the browser how to handle content securely. They protect against common threats like cross-site scripting (XSS), clickjacking, MIME sniffing, and data leakage.
This tool analyzes key headers, including:
Content-Security-Policy (CSP): Prevents XSS by restricting what content can be loaded.
X-Frame-Options: Stops your site from being embedded in iframes, reducing clickjacking risks.
X-Content-Type-Options: Prevents MIME-type sniffing, which can block certain injection attacks.
Strict-Transport-Security (HSTS): Forces browsers to always use HTTPS, preventing protocol downgrades.
Referrer-Policy: Controls how much referrer information is shared when navigating between sites.
Permissions-Policy: Restricts access to powerful browser features (e.g., camera, microphone, geolocation).
Regularly testing your headers ensures your website follows security best practices and reduces the risk of attacks.
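The kind of check such a tool performs can be sketched in a few dozen lines. The script below is an added example written for this page, not the tool's own code: it takes the response headers of one page (a constructed sample, not captured from any real site) and grades each of the six headers above as OK, WEAK or MISSING with a reason. The thresholds (an HSTS max-age of at least 15552000 seconds, the list of referrer policies treated as leaky, wildcard allowlists in Permissions-Policy) are the author's assumptions about what counts as weak, not rules stated on the page.

```python
# Minimal security-header analyzer (added example; assumptions noted inline).
import re
from typing import Dict, List, Tuple

# Finding: (header name, status, explanation); status is OK, WEAK or MISSING.
Finding = Tuple[str, str, str]

# Assumed minimum: six months, a common recommendation for HSTS.
HSTS_MIN_MAX_AGE = 15552000


def _lower_keys(headers: Dict[str, str]) -> Dict[str, str]:
    # HTTP header names are case-insensitive; normalise once up front.
    return {k.lower(): v.strip() for k, v in headers.items()}


def check_csp(value: str) -> Tuple[str, str]:
    # Parse "directive src1 src2; directive ..." into a dict of lower-cased tokens.
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    if "default-src" not in directives and "script-src" not in directives:
        return "WEAK", "no default-src or script-src; scripts are unrestricted"
    # script-src falls back to default-src when absent.
    sources = directives.get("script-src", directives.get("default-src", []))
    if "'unsafe-inline'" in sources or "'unsafe-eval'" in sources:
        return "WEAK", "script sources allow inline/eval, which undermines XSS protection"
    if "*" in sources:
        return "WEAK", "script sources allow any origin"
    return "OK", "script sources restricted"


def check_hsts(value: str) -> Tuple[str, str]:
    m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    if not m:
        return "WEAK", "max-age missing"
    max_age = int(m.group(1))
    if max_age < HSTS_MIN_MAX_AGE:
        return "WEAK", f"max-age={max_age} is shorter than {HSTS_MIN_MAX_AGE}"
    if "includesubdomains" not in value.lower():
        return "WEAK", "includeSubDomains not set; subdomains still reachable over HTTP"
    return "OK", "long max-age with includeSubDomains"


def check_frame_options(value: str) -> Tuple[str, str]:
    v = value.upper()
    if v in ("DENY", "SAMEORIGIN"):
        return "OK", v
    # ALLOW-FROM is not honoured by current browsers, so anything else is weak.
    return "WEAK", f"unexpected value {value!r}; use DENY or SAMEORIGIN"


def check_content_type_options(value: str) -> Tuple[str, str]:
    if value.lower() == "nosniff":
        return "OK", "nosniff"
    return "WEAK", f"expected 'nosniff', got {value!r}"


def check_referrer_policy(value: str) -> Tuple[str, str]:
    # With a comma-separated fallback list the last token is the one applied.
    policies = [p.strip().lower() for p in value.split(",") if p.strip()]
    leaky = {"unsafe-url", "no-referrer-when-downgrade"}  # assumed "leaky" set
    chosen = policies[-1] if policies else ""
    if not chosen or chosen in leaky:
        return "WEAK", f"{chosen or 'empty'} sends the full URL cross-origin"
    return "OK", chosen


def check_permissions_policy(value: str) -> Tuple[str, str]:
    # Flag features whose allowlist is the wildcard, e.g. "geolocation=*".
    open_features = re.findall(r"([\w-]+)=\*", value)
    if open_features:
        return "WEAK", "features open to all origins: " + ", ".join(open_features)
    return "OK", "no wildcard allowlists"


CHECKS = {
    "content-security-policy": check_csp,
    "x-frame-options": check_frame_options,
    "x-content-type-options": check_content_type_options,
    "strict-transport-security": check_hsts,
    "referrer-policy": check_referrer_policy,
    "permissions-policy": check_permissions_policy,
}


def analyze(headers: Dict[str, str]) -> List[Finding]:
    h = _lower_keys(headers)
    findings: List[Finding] = []
    for name, check in CHECKS.items():
        if name not in h:
            findings.append((name, "MISSING", "header not sent"))
        else:
            status, why = check(h[name])
            findings.append((name, status, why))
    return findings


# Constructed sample response headers for illustration (no real site).
SAMPLE_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=86400",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=*",
}

if __name__ == "__main__":
    for name, status, why in analyze(SAMPLE_HEADERS):
        print(f"{status:8} {name}: {why}")
```

Run against the sample, the report flags the CSP (inline scripts allowed), the one-day HSTS max-age and the wildcard geolocation allowlist as WEAK, X-Frame-Options as MISSING, and the other two as OK. To use it on a live response, pass the header mapping your HTTP client returns in place of SAMPLE_HEADERS; presence alone is not the point of such a check, the values are.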