Enter a URL to check its HTTP security headers and get a grade.
101IP analyses your site's HTTP security headers and grades them from A+ to F. Proper security headers protect users against XSS, clickjacking and other attacks.
The tool checks the main HTTP Security Headers: HSTS (Strict-Transport-Security), CSP (Content-Security-Policy), X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy. Each header gets a status showing whether it is present and correctly configured.
Grade A means the site is fully protected with all critical headers in place. B indicates minor gaps. C means one important header is missing. D means several critical headers are absent. F means the site has almost no protection. The lower the grade, the higher the risk of clickjacking, XSS or content sniffing attacks.
Add the following headers to your server: Strict-Transport-Security with a long max-age, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, a restrictive Content-Security-Policy and Referrer-Policy. After making the changes, re-run the check on 101ip.ru to see the updated grade.