Security Headers Checker
Inspect HTTP security headers on any public URL.
- slug
- security-headers-checker
- visibility
- Public
- risk
- safe
- level
- 0
What this tool does.
Fetches a URL server-side and reports on the presence, absence and value of the most common security response headers.
Useful to quickly audit the security posture of a public endpoint without running a full scanner.
Run this tool.
Submit an input and see the runner output here. Execution is server-side and governed by the policy shown in the sidebar.
Everything runs server-side. Inputs and outputs are subject to the tool's policy shown in the sidebar.
Dev-docs · 2 documents.
Related articles.
What Security Headers Actually Tell You
Security headers are not magic. Here is what they do, what they don't, and how to read them.
Getting Started with Public Surface Analysis
A beginner-friendly walkthrough of what you can responsibly learn from a public URL.
A Responsible Method for Reconnaissance on Public Web Surfaces
Reconnaissance is not inherently malicious. Here is how to do it ethically, legally and systematically.
How to Turn Weak Signals into Better Questions
OSINT is not about finding smoking guns. It is about asking better questions.