
Security headers checker

Check whether a public URL is missing common security headers such as CSP, HSTS, X-Content-Type-Options and Referrer-Policy.

Free instant check — 3 issues in seconds. Full audit starts at $1.

What this checks

  • Content-Security-Policy
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Referrer-Policy
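
The check described above, sketched as an added example (not this tool's own code): it parses a constructed raw HTTP response and classifies each of the four listed headers as ok, weak or missing. The function names, the sample response and the value rules (non-empty CSP, non-zero HSTS max-age, `nosniff`, no `unsafe-url`) are assumptions of this example.

```python
import re

def _hsts_ok(value):
    # max-age is required; max-age=0 tells the browser to drop the HSTS entry.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

def _referrer_ok(value):
    # Assumption: the last token of a comma-separated list is the effective policy.
    tokens = [t.strip().lower() for t in value.split(",") if t.strip()]
    return bool(tokens) and tokens[-1] != "unsafe-url"

# Header names are matched exactly, so Content-Security-Policy-Report-Only
# (which reports but does not enforce) does not count as a CSP.
CHECKS = {
    "content-security-policy": lambda v: bool(v.strip()),
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": _referrer_ok,
}

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Classify each checked header as 'ok', 'weak' or 'missing'."""
    headers = parse_headers(raw)
    findings = {}
    for name, ok in CHECKS.items():
        values = headers.get(name)
        if not values:
            findings[name] = "missing"
        else:  # every occurrence of the header must pass its rule
            findings[name] = "ok" if all(ok(v) for v in values) else "weak"
    return findings

# Constructed sample response, not captured from a real site.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Security-Policy-Report-Only: default-src 'self'
Strict-Transport-Security: max-age=0
X-Content-Type-Options: nosniff
"""

if __name__ == "__main__":
    for header, status in audit(SAMPLE_RESPONSE).items():
        print(f"{header}: {status}")
```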

Why it matters

  • Headers reduce browser-side attack surface.
  • AI-built apps often ship framework defaults without a CSP.
  • Missing headers are easy to fix once they are visible.

How to use it

Use the instant audit below for a deterministic header check. The full scan adds context, severity and route-by-route evidence.
