Analyze Your Website's Security Headers
Instantly scan and validate Content Security Policy (CSP) headers. Identify vulnerabilities and strengthen your web application's defense.
Comprehensive Security Analysis
Deep inspection of your security headers and policies
CSP Validation
Comprehensive Content Security Policy analysis with directive-by-directive validation
XSS Protection
Detect potential cross-site scripting vulnerabilities and unsafe inline scripts
Security Headers
Check for X-Frame-Options, HSTS, and other critical security headers
How It Works
Scan your website in three simple steps
Enter Your URL
Type your website address into the scanner above. We support any publicly accessible URL.
Get Your Analysis
We fetch and analyze your HTTP response headers, CSP directives, and security configuration in seconds.
Fix & Improve
Follow our prioritized recommendations to strengthen your security headers and improve your score.
Detailed Security Reports
Get actionable insights and recommendations
Latest from the Blog
Security insights and best practices
HeaderTest Is Out of Beta: New Scoring, Domain History, and What's Next
February 15, 2026
HeaderTest is out of beta. Here's what changed: a new three-category scoring system, domain history pages with score trends, and a more accurate analysis engine.
Next.js + Sanity CMS: The CSP Gap and the _next/image Proxy Problem
February 8, 2026
A lot of Next.js sites using Sanity CMS ship with no CSP at all. Worse, the _next/image endpoint can become an open image proxy for cdn.sanity.io. Here's what's happening and how to lock it down.
What is Content Security Policy (CSP)? Complete Guide
January 13, 2026
A practical walkthrough of Content Security Policy — what it actually does, how browsers enforce it, and how to roll one out without breaking your site.