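Enter a website URL above to scan its security headers
Security headers we check
Note: Some websites may block security header analysis because of their CORS policy. For best results, make sure the target allows cross-origin requests, or use this tool on a website you control.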
About Security Headers Checker
HTTP security headers are a crucial part of web application security, protecting against attacks like XSS and clickjacking. Our free online Security Headers Checker analyzes your website's response headers and grades your security posture.
How It Works
The tool makes an HTTP request to the URL you provide. It then inspects the response headers returned by the server, looking for the presence and correct configuration of key security headers like Content-Security-Policy, Strict-Transport-Security, and X-Frame-Options.
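The inspection step described above, as an added example that is not this tool's own code: it takes response headers as a plain object and reports each header as ok, weak, or missing. The function name `auditSecurityHeaders`, the 180-day HSTS threshold, and the weak/ok criteria are assumptions of this sketch, not the tool's scoring rules.

```javascript
// Added example: the criteria below are this sketch's own, not the tool's scoring.
const MIN_HSTS_MAX_AGE = 15552000; // assumption: 180 days, in seconds

const CHECKS = {
  "content-security-policy": (value) => {
    const directives = new Map();
    for (const part of value.split(";")) {
      const [name, ...sources] = part.trim().split(/\s+/);
      // The first occurrence of a directive wins; later duplicates are ignored.
      if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
    }
    // script-src falls back to default-src when it is not set.
    const script = directives.get("script-src") || directives.get("default-src");
    if (!script) return "weak: scripts are not restricted";
    const hasNonceOrHash = script.some((s) => /^'(nonce|sha(256|384|512))-/i.test(s));
    // Browsers ignore 'unsafe-inline' when a nonce or hash is present.
    if (script.some((s) => /^'unsafe-inline'$/i.test(s)) && !hasNonceOrHash) {
      return "weak: 'unsafe-inline' permits injected inline scripts";
    }
    return "ok";
  },
  "strict-transport-security": (value) => {
    const match = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(value);
    if (!match) return "weak: no max-age directive";
    return Number(match[1]) >= MIN_HSTS_MAX_AGE ? "ok" : "weak: max-age too short";
  },
  "x-frame-options": (value) =>
    ["DENY", "SAMEORIGIN"].includes(value.trim().toUpperCase())
      ? "ok" : "weak: value is not DENY or SAMEORIGIN",
  "x-content-type-options": (value) =>
    value.trim().toLowerCase() === "nosniff" ? "ok" : "weak: value is not nosniff",
};

// headers: plain object of response header names to values (names are case-insensitive).
function auditSecurityHeaders(headers) {
  const seen = new Map(
    Object.entries(headers).map(([name, value]) => [name.toLowerCase(), String(value)])
  );
  const report = {};
  for (const [name, check] of Object.entries(CHECKS)) {
    report[name] = seen.has(name) ? check(seen.get(name)) : "missing";
  }
  return report;
}

// Constructed sample response headers (not captured from a real site).
const sample = {
  "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
  "Strict-Transport-Security": "max-age=3600",
  "X-Frame-Options": "DENY",
};
console.log(auditSecurityHeaders(sample));
```

Presence alone is not enough: in the constructed sample, two of the three headers that are set still come back as weak because of their values.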
Common Use Cases
- Auditing a new website deployment to ensure basic security best practices are met
- Troubleshooting why a specific security policy (like CSP) is not working as expected
- Checking if a third-party service or API is implementing proper security headers
- Generating a security report for a client's website
Frequently Asked Questions
While all are important, Content-Security-Policy (CSP) is often considered the most powerful, as it can prevent a wide range of cross-site scripting (XSS) and data injection attacks.
A low score usually means your server is missing key headers like Strict-Transport-Security (HSTS) or X-Content-Type-Options. The tool provides specific recommendations on which headers to add to improve your score.