Security Headers Check
Analyze the HTTP security headers of any website. Get a security score and recommendations for improvement.
Security Headers Checked
Note: Some sites may block security header analysis because of CORS policies. For best results, make sure the target site allows cross-origin requests.
About Security Headers Checker
HTTP security headers are a crucial part of web application security, protecting against attacks like XSS and clickjacking. Our free online Security Headers Checker analyzes your website's response headers and grades your security posture.
How It Works
The tool makes an HTTP request to the URL you provide. It then inspects the response headers returned by the server, looking for the presence and correct configuration of key security headers like Content-Security-Policy, Strict-Transport-Security, and X-Frame-Options.
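One way to implement the presence and configuration checks described above, as an added example that is not the tool's own code. It evaluates the four headers this page names; the constructed sample responses, the 180-day HSTS threshold and the function names are assumptions of the example.

```python
import re

# Constructed sample responses; not captured from any real site.
WEAK = {
    "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
}
STRONG = {
    "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
}
MIN_HSTS_AGE = 15552000  # 180 days; this threshold is an assumption of the example


def parse_csp(value):
    """Split a CSP string into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.lower().split(";"):  # only keywords are inspected below
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0], tokens[1:])
    return policy


def check_headers(headers):
    """Return (header, problem) findings for one response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []
    policy = parse_csp(h.get("content-security-policy", ""))
    scripts = policy.get("script-src", policy.get("default-src"))  # CSP fallback
    if not policy:
        findings.append(("content-security-policy", "missing"))
    elif scripts is None:
        findings.append(("content-security-policy", "no script-src or default-src"))
    elif "'unsafe-inline'" in scripts or "*" in scripts:
        findings.append(("content-security-policy", "script sources too permissive"))
    hsts = re.search(r'max-age="?(\d+)', h.get("strict-transport-security", ""), re.I)
    if hsts is None:
        findings.append(("strict-transport-security", "missing or no max-age"))
    elif int(hsts.group(1)) < MIN_HSTS_AGE:
        findings.append(("strict-transport-security", "max-age too short"))
    xfo = h.get("x-frame-options")
    if xfo is None and "frame-ancestors" not in policy:
        findings.append(("x-frame-options", "missing, and CSP has no frame-ancestors"))
    elif xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("x-frame-options", "value is not DENY or SAMEORIGIN"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("x-content-type-options", "missing or not nosniff"))
    return findings
```

The STRONG sample has no X-Frame-Options header yet produces no framing finding, because its CSP carries frame-ancestors, which covers the same clickjacking case.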
Common Use Cases
- Auditing a new website deployment to ensure basic security best practices are met
- Troubleshooting why a specific security policy (like CSP) is not working as expected
- Checking if a third-party service or API is implementing proper security headers
- Generating a security report for a client's website
Frequently Asked Questions
While all are important, Content-Security-Policy (CSP) is often considered the most powerful, as it can prevent a wide range of cross-site scripting (XSS) and data injection attacks.
A low score usually means your server is missing key headers like Strict-Transport-Security (HSTS) or X-Content-Type-Options. The tool provides specific recommendations on which headers to add to improve your score.