Network toolsUses API
Security Headers Auditor
Audit CSP, HSTS, clickjacking, MIME sniffing, referrer, permissions, CORS, and cross-origin isolation headers for public URLs.
security headerscsphstsx-frame-optionsreferrer-policypermissions-policycorsheadersseollm
Privacy note: this tool uses a server request for public network checks; do not enter private URLs.
Public URL
Audits public HTTP response headers only. Private, local, and reserved hosts are blocked before the server request is made.
Security audit
Audit grade, findings, and recommended headers will appear here.