Verify CSP, HSTS, X-Frame-Options, Referrer-Policy and other HTTP security headers in one scan
Modern browsers rely on response headers to enforce XSS, clickjacking and HTTPS policies. Missing headers let avoidable attacks through.
Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy — with status per header.
A handful of one-line config changes typically lifts a site from F to A. We highlight the cheapest improvements first.