Security Headers Checker

Paste a URL to analyze its HTTP security headers. The tool checks for Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and other headers that protect against common web attacks. You'll get a grade and a list of missing protections.

Url

Get an API key to automate this

Result

What this tool checks

Checks Content-Security-Policy (CSP)
Strict-Transport-Security (HSTS) validation
X-Frame-Options and clickjacking protection
X-Content-Type-Options (MIME sniffing)
Referrer-Policy and Permissions-Policy
Overall security grade (A through F)

Automate this with the API

Run this tool programmatically from your code. Get a free temporary API key with 200 requests — or register for unlimited access.

                    curl https://apixies.io/api/v1/inspect-headers?url=... \
  -H "X-API-Key: YOUR_API_KEY"
                

Get Temporary API Key View API Documentation →

Frequently asked questions

What security headers should every website have?

At minimum: Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, and Referrer-Policy. These protect against XSS, clickjacking, MIME sniffing, and information leakage.

What does the security grade mean?

The grade reflects how many recommended security headers are present and correctly configured. An A means all critical headers are set. Lower grades indicate missing protections.

Explore more tools

View all 34 tools →