Analyze Your Website's Security Headers
Instantly scan and validate Content Security Policy (CSP) headers. Identify vulnerabilities and strengthen your web application's defense.
Comprehensive Security Analysis
Deep inspection of your security headers and policies
CSP Validation
Comprehensive Content Security Policy analysis with directive-by-directive validation
XSS Protection
Detect potential cross-site scripting vulnerabilities and unsafe inline scripts
Security Headers
Check for X-Frame-Options, HSTS, and other critical security headers
How It Works
Scan your website in three simple steps
Enter Your URL
Type your website address into the scanner above. We support any publicly accessible URL.
Get Your Analysis
We fetch and analyze your HTTP response headers, CSP directives, and security configuration in seconds.
Fix & Improve
Follow our prioritized recommendations to strengthen your security headers and improve your score.
Detailed Security Reports
Get actionable insights and recommendations
Latest from the Blog
Security insights and best practices
How to Deploy a Content Security Policy Without Breaking Your Site
May 28, 2026
CSP feels risky because a too-strict policy breaks your site. Report-Only mode lets you test against real production traffic and break nothing. This is the full rollout workflow, from first report to enforced policy.
How CSP Level 3 Stops XSS — And What to Pair It With
March 11, 2026
CSP Level 3 replaces fragile allowlists with nonce-based policies and strict-dynamic to stop XSS. Learn how to pair it with Trusted Types, SRI, and sanitization for layered defense.
HeaderTest Out of Beta: New Scoring and Domain History
February 15, 2026
HeaderTest is out of beta. Here's what changed: a new three-category scoring system, domain history pages with score trends, and a more accurate analysis engine.