Security header check
Enter a hostname and we'll grade its HTTP security headers — CSP, HSTS, clickjacking and more — then hand you the exact headers to add. Passive: we only read response headers.
Deep inspection scan
The full audit: 40+ checks across headers, TLS, DNS, exposure and cloud posture, with an AI-written report and remediation plan.
Want this watched for you?
Managed Defence
We run and tune these protections continuously across your WAF, CDN and cloud — and respond when something fires.
We score seven response headers that browsers use to contain attacks: Strict-Transport-Security (HSTS), Content-Security-Policy, X-Content-Type-Options, framing/clickjacking protection, Referrer-Policy, Permissions-Policy and Cross-Origin-Opener-Policy. We also flag headers that leak your stack version. The grade is a weighted score — a starting point, not a full audit. For TLS, DNS, exposure and cloud posture, run the deep inspection scan.