Security Headers Analyzer

Use Security Headers Analyzer online for your needs

Analyze HTTP security headers of any website: CSP, HSTS, X-Frame-Options and 9 more. A+→F grade with OWASP recommendations.

The scan uses a public CORS proxy to bypass browser restrictions. Only public HTTP headers are read — no page content is sent.

Why are HTTP security headers important?

HTTP security headers are directives sent by the web server in the HTTP response, instructing the browser on how to handle page content. A misconfigured or absent header leaves the door open to XSS, clickjacking, content injection, MITM and session theft attacks. Their correct configuration is one of the first recommendations in the OWASP guide.

The most critical headers

Content-Security-Policy (CSP) is the most powerful header: it defines allowed sources for scripts, styles, images and iframes, effectively blocking XSS attacks. Strict-Transport-Security (HSTS) enforces HTTPS connections for a defined period, protecting against MITM attacks on HTTP connections.

Security grade A+ → F

Our analyzer assigns a score out of 100 based on the presence and configuration quality of 12 headers. Critical headers (CSP, HSTS) count more than secondary headers. An A+ grade means all required headers are present and correctly configured according to OWASP and Mozilla Observatory recommendations.
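
A weighted grading pass of the kind described above, as an added example that is not the analyzer's own code. It covers five headers rather than twelve, and the weights, the six-month HSTS threshold and the grade bands are assumptions chosen for illustration.

```javascript
// Added example. Weights, thresholds and grade bands are assumptions,
// not the analyzer's real values. Each check returns [credit 0..1, note].
const CHECKS = {
  "content-security-policy": [35, (v) => {
    const dirs = {};
    for (const d of v.split(";")) {
      const [name, ...src] = d.trim().split(/\s+/);
      if (name) dirs[name.toLowerCase()] = src;
    }
    const src = dirs["script-src"] || dirs["default-src"];
    if (!src) return [0.5, "no script-src or default-src"];
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    const strict = src.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    const weak = src.filter((s) => s === "*" || s === "'unsafe-eval'" ||
      (s === "'unsafe-inline'" && !strict));
    return weak.length ? [0.5, "script source allows " + weak.join(" ")] : [1, "ok"];
  }],
  "strict-transport-security": [30, (v) => {
    const age = Number((/max-age\s*=\s*"?(\d+)/i.exec(v) || [0, 0])[1]);
    if (age === 0) return [0, "max-age missing or 0 (policy disabled)"];
    return age >= 15768000 ? [1, "ok"] : [0.5, "max-age under six months"];
  }],
  "x-frame-options": [15, (v) =>
    /^(deny|sameorigin)$/i.test(v.trim()) ? [1, "ok"] : [0, "unrecognized value"]],
  "x-content-type-options": [10, (v) =>
    v.trim().toLowerCase() === "nosniff" ? [1, "ok"] : [0, "must be nosniff"]],
  "referrer-policy": [10, (v) =>
    /unsafe-url/i.test(v) ? [0.5, "unsafe-url leaks full URLs"] : [1, "ok"]],
};

function gradeHeaders(raw) {
  // Parse pasted "Name: value" lines; header names are case-insensitive.
  const seen = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i > 0) seen.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  let score = 0;
  const findings = [];
  for (const [name, [weight, check]] of Object.entries(CHECKS)) {
    const [credit, note] = seen.has(name) ? check(seen.get(name)) : [0, "missing"];
    score += weight * credit;
    if (credit < 1) findings.push(`${name}: ${note}`);
  }
  const bands = [[100, "A+"], [85, "A"], [70, "B"], [55, "C"], [40, "D"]];
  const grade = (bands.find(([min]) => score >= min) || [0, "F"])[1];
  return { score, grade, findings };
}
// Constructed sample: a partial configuration as pasted response headers.
const SAMPLE = "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\nStrict-Transport-Security: max-age=3600\nX-Frame-Options: DENY";
```

Calling `gradeHeaders(SAMPLE)` returns the score, the grade and one finding per weak or missing header. A site that restricts framing only through the CSP `frame-ancestors` directive is scored as missing `X-Frame-Options` here; a fuller checker would credit either.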