Security Headers Checker

Check for HSTS, CSP, X-Frame-Options and the other headers that protect your users.

HTTP security headers are a handful of lines in your server config that block entire classes of attack — clickjacking, content sniffing, protocol downgrades, many cross-site scripting payloads. They cost nothing to add and most sites are missing several. A security headers checker tells you which protective headers you have, which you are missing, and what each one does.

What it checks
  • Strict-Transport-Security (HSTS) to enforce HTTPS
  • Content-Security-Policy (CSP) to limit what can run on your pages
  • X-Frame-Options / frame-ancestors to prevent clickjacking
  • X-Content-Type-Options to stop MIME sniffing
  • Referrer-Policy and Permissions-Policy for privacy and feature control
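
The checks in the list above, written out as an added example (this is not BrandSentryPro's code, and the status labels and grading rules are assumptions made for illustration). The function name check_security_headers and the sample headers are constructed; it works on a dict of response headers so it runs offline.

```python
import re

def check_security_headers(headers):
    """Map each protection the page lists to a (status, note) pair."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    report = {}
    # HSTS only protects with a positive max-age; max-age=0 tells the browser to drop the policy.
    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        report["Strict-Transport-Security"] = ("missing", "HTTPS is not enforced")
    elif not age or int(age.group(1)) == 0:
        report["Strict-Transport-Security"] = ("weak", "max-age absent or zero")
    else:
        report["Strict-Transport-Security"] = ("ok", "max-age=" + age.group(1))

    # A report-only CSP logs violations but blocks nothing, so it is graded separately.
    csp = h.get("content-security-policy", "")
    if csp:
        report["Content-Security-Policy"] = ("ok", "enforced")
    elif "content-security-policy-report-only" in h:
        report["Content-Security-Policy"] = ("report-only", "violations reported, not blocked")
    else:
        report["Content-Security-Policy"] = ("missing", "no restriction on what can run")

    # Clickjacking: X-Frame-Options or an enforced CSP frame-ancestors directive both count.
    xfo = h.get("x-frame-options", "").upper()
    frame_ancestors = any(d.split()[:1] == ["frame-ancestors"] for d in csp.lower().split(";"))
    framed_ok = frame_ancestors or xfo in ("DENY", "SAMEORIGIN")
    report["Framing"] = ("ok", "framing restricted") if framed_ok else ("missing", "page can be framed")

    # nosniff is the only defined value for X-Content-Type-Options.
    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"
    report["X-Content-Type-Options"] = ("ok", "nosniff") if nosniff else ("missing", "MIME sniffing allowed")
    for name in ("Referrer-Policy", "Permissions-Policy"):
        value = h.get(name.lower())
        report[name] = ("ok", value) if value else ("missing", "not set")
    return report

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "strict-transport-security": "max-age=0",
    "Content-Security-Policy-Report-Only": "default-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
if __name__ == "__main__":
    for name, (status, note) in check_security_headers(SAMPLE).items():
        print(f"{name:28} {status:12} {note}")
```
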

Why it matters

These headers are defence in depth: even if a vulnerability exists elsewhere, the right header can stop it being exploited. Missing HSTS leaves users open to downgrade attacks; a missing frame header lets attackers embed your site in a malicious page; no CSP means an injected script runs freely. They are some of the cheapest security wins available.

How BrandSentryPro does it

Add your site and BrandSentryPro inspects the headers it returns, grades the configuration, and lists exactly which headers to add and why. It re-checks on a schedule so a config change never silently removes your protection.

Frequently asked questions

What are HTTP security headers?
They are response headers that instruct the browser to enforce protections — like requiring HTTPS (HSTS), restricting scripts (CSP), or blocking your site from being framed. They harden your site against common attacks with minimal effort.

Which security headers are most important?
Strict-Transport-Security, Content-Security-Policy, X-Frame-Options (or CSP frame-ancestors) and X-Content-Type-Options give the biggest protection for the least effort. Referrer-Policy and Permissions-Policy are valuable additions.

Will adding security headers break my site?
Most are safe to add immediately. Content-Security-Policy needs care because it can block legitimate scripts, so it is best rolled out in report-only mode first. A checker helps you see your current state before changing anything.

Run this check automatically

Add a monitor and BrandSentryPro keeps every check running for you — with alerts the moment something needs attention.
