Security Hardening Recommendations

HTTP headers checker

Inspect response headers and get practical guidance for your security posture. Ideal for validating HSTS, CSP, and basic anti-MIME-sniffing protections.

Security headers
HSTS, CSP, XFO, XCTO and more
Misconfig checks
Spot missing or risky defaults quickly
Shareable output
Readable results for tickets and audits

Inspect headers

Enter a URL or domain. We’ll evaluate common security headers and show what’s missing.

Tip: test both http and https if you suspect redirects or mixed policy.
Example output below shows how results will look once wired up.

Results

Example response showing present headers and missing items.

Security score
Good baseline with a few improvements recommended (CSP present, HSTS missing).

Present (OK)
  • Content-Security-Policy
  • X-Content-Type-Options
  • Referrer-Policy

Missing (fix)
  • Strict-Transport-Security
  • Permissions-Policy

Recommendations

Low-risk improvements that move the needle.

Add HSTS
Start with a short max-age (e.g. 1 day), verify nothing breaks, then increase it. Only enable HSTS if HTTPS is enforced for the whole site, since browsers will then refuse plain HTTP for that duration.
Tighten CSP
Avoid 'unsafe-inline' where possible and keep the list of allowed third-party origins minimal.
Permissions-Policy
Disable browser features your site doesn't need (camera, microphone) and explicitly allow only the ones you use.
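An added example, not the page's own tool, of the kind of check the recommendations above describe: a small Python function that reports present and missing baseline headers from a constructed response and flags a short HSTS max-age or 'unsafe-inline' in CSP. The header list and thresholds are assumptions drawn from this page's recommendations.

```python
"""Offline header posture check. Assumptions: REQUIRED is the baseline this
page names; the thresholds (HSTS max-age of at least one day, CSP without
'unsafe-inline', X-Content-Type-Options: nosniff) follow its recommendations."""
import re

# Headers treated as the baseline (names are compared case-insensitively).
REQUIRED = [
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "Referrer-Policy",
    "Permissions-Policy",
]
ONE_DAY = 86400  # seconds; the page suggests starting HSTS at about 1 day


def check_headers(headers):
    """Return present/missing baseline headers plus (header, note) findings."""
    lower = {k.lower(): v for k, v in headers.items()}
    present = [h for h in REQUIRED if h.lower() in lower]
    missing = [h for h in REQUIRED if h.lower() not in lower]
    findings = []

    hsts = lower.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m:
            findings.append(("Strict-Transport-Security", "max-age directive missing"))
        elif int(m.group(1)) < ONE_DAY:
            findings.append(("Strict-Transport-Security", "max-age below one day; raise it once verified"))

    csp = lower.get("content-security-policy")
    if csp is not None and "'unsafe-inline'" in csp:
        findings.append(("Content-Security-Policy", "'unsafe-inline' weakens script/style restrictions"))

    xcto = lower.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "value should be 'nosniff'"))
    return {"present": present, "missing": missing, "findings": findings}


# Constructed sample response headers mirroring the example result above.
SAMPLE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    result = check_headers(SAMPLE)
    print("Present:", ", ".join(result["present"]))
    print("Missing:", ", ".join(result["missing"]))
    for header, note in result["findings"]:
        print(f"Fix {header}: {note}")
```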

FAQ

Quick answers to common questions.

Can headers break a site?
A strict CSP can if it isn't tested. Start in report-only mode (Content-Security-Policy-Report-Only), review the violation reports, then tighten the policy iteratively.
Do I need all headers?
Not all. Aim for a sensible baseline and align with how your site actually works.

Want your headers hardened properly?

We can implement secure headers and CSP in a way that’s tested, monitored, and compatible with your real-world stack.

Measured changes. No surprises. Clear outcomes.