Free HTTP security headers checker

See which protective HTTP headers your site is missing — HSTS, CSP, X-Frame-Options and more.

Free · no account · instant.

What it checks

Transport security (HSTS)

We check whether HSTS is enforced so browsers always use HTTPS.

Content Security Policy

We flag a missing or weak CSP — a key defense against cross-site scripting.

Clickjacking & MIME protection

X-Frame-Options and X-Content-Type-Options are validated.

Estate-wide

Headers are checked across the hosts we discover, not just your homepage.

Frequently asked

What are HTTP security headers?

Response headers like HSTS, CSP and X-Frame-Options that instruct browsers to behave more securely. Missing ones leave common attacks open.

Which headers does it check?

HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options and other hardening headers, with remediation guidance.

Is it free?

Yes, with no account. Web hardening is part of the free exposure report.

Want this continuously, not once?

The free tool is a snapshot. SICenter monitors your whole estate and alerts you the moment something changes.

Start monitoring free