
HTTP Security Headers Analyzer

Paste any HTTPS URL. We'll fetch it through an SSRF-safe client (no internal networks, no metadata endpoints), inspect the response headers, and grade the page on the standard security-headers checklist: CSP, HSTS, the X-headers, Referrer-Policy, Permissions-Policy, and the cross-origin isolation set.

HTTPS only. We refuse private/internal IPs. 5-second timeout.
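A sketch of how a grader for the checklist above can work, as an added example that is not PhishFence's own code. The pass/weak rules, the 180-day HSTS floor and the letter scale are assumptions, and the sample headers are constructed.

```python
import re

# Scoring rules below are assumptions; the page lists header families only.
def _hsts(v):
    m = re.search(r"max-age=(\d+)", v, re.I)
    return bool(m) and int(m.group(1)) >= 15552000  # assumed floor: 180 days

def _csp(v):
    # Parse directives; weak if script sources are unset or wide open.
    d = {p.split()[0].lower(): p.split()[1:] for p in v.split(";") if p.strip()}
    src = d.get("script-src", d.get("default-src"))
    return src is not None and "'unsafe-inline'" not in src and "*" not in src

def _one_of(*allowed):
    return lambda v: v.strip().lower() in allowed

CHECKS = {
    "content-security-policy": _csp,
    "strict-transport-security": _hsts,
    "x-content-type-options": _one_of("nosniff"),
    "x-frame-options": _one_of("deny", "sameorigin"),
    # Referrer-Policy may carry a fallback list; the last entry is the preferred one.
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower() not in ("", "unsafe-url"),
    "permissions-policy": lambda v: bool(v.strip()),
    "cross-origin-opener-policy": _one_of("same-origin", "same-origin-allow-popups"),
    "cross-origin-embedder-policy": _one_of("require-corp", "credentialless"),
    "cross-origin-resource-policy": _one_of("same-origin", "same-site"),
}

def grade(headers):
    """Return (letter, findings) for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = {n: "missing" if n not in h else ("ok" if ok(h[n]) else "weak")
                for n, ok in CHECKS.items()}
    # CSP frame-ancestors covers the framing control that X-Frame-Options provides.
    if (findings["x-frame-options"] == "missing"
            and "frame-ancestors" in h.get("content-security-policy", "").lower()):
        findings["x-frame-options"] = "ok"
    passed = sum(v == "ok" for v in findings.values())
    scale = (("A", 9), ("B", 7), ("C", 5), ("D", 3), ("F", 0))  # assumed scale
    return next(l for l, need in scale if passed >= need), findings

# Constructed sample: present-but-weak CSP and HSTS, most headers absent.
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    print(grade(SAMPLE))
```

Distinguishing "weak" from "missing" matters in practice: a header that is present with a permissive value often passes presence-only scanners while providing little protection.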


Want ongoing monitoring?

This tool is a one-shot check. PhishFence watches your domain with automated hourly monitoring (daily on Free) for DMARC changes, new lookalike registrations, and spoofing attempts.
