HTTP Security Headers Checker Online

101IP analyses your site's HTTP security headers and grades them from A+ to F. Proper security headers protect users against XSS, clickjacking and other attacks.

Headers checked

• HSTS — enforces HTTPS connections;
• CSP — Content Security Policy, protects against XSS;
• X-Frame-Options — prevents clickjacking via iframe embedding;
• X-Content-Type-Options — disables MIME sniffing;
• Referrer-Policy — controls Referer header transmission;
• Permissions-Policy — restricts access to browser APIs.