Request any URL and get a graded report on HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and cross-origin isolation headers — with fix recommendations.
Our score weights modern-web protections: HSTS and CSP carry the most weight (25 each), X-Content-Type-Options / X-Frame-Options / Referrer-Policy / Permissions-Policy carry 10 each, and COOP/COEP 5 each. A grade of A requires all critical headers present with strict values. We follow conventions from SecurityHeaders.com and Mozilla Observatory, adjusted to 2026 best practices.