Security First
Defend Your Web Assets
Identify Content Security Policy gaps and vulnerabilities before attackers do. The Headertest.com scanner analyzes your website's security headers and reports potential XSS attack vectors and data injection weaknesses.
Real-time scanning
Instant results
✓ Checking CSP Headers
content-security-policy: default-src 'self';
! Detected Unsafe eval()
script-src 'unsafe-eval' not recommended
✓ WebSocket Security
connect-src wss://api.example.com
× Inline Scripts Found
Remove inline event handlers
Comprehensive Security Analysis
JavaScript Security
- eval() detection & analysis
- Inline script validation
- Dynamic code execution tracking
- unsafe-eval directive checks
// Example detection
eval("alert('test')") // Unsafe
new Function() // Unsafe
Domain Security
- Malicious domain detection
- Phishing site database check
- Historical security incidents
- Cross-origin resource validation
domain: example.com
status: verified
risk-score: low
WebSocket Audit
- Protocol security verification
- Connection endpoint analysis
- Authorization mechanism check
- CSP connect-src compliance
wss://api.example.com
✓ TLS 1.3
✓ Auth required