Проверка заголовков безопасности

Проверка заголовков безопасности

Paste HTTP response headers to instantly analyze your site’s security posture. Checks all critical security headers, assigns an overall grade from A+ to F, and provides actionable fix recommendations with server configuration examples.

Как использовать

Paste your HTTP response headers (key: value format, one per line) into the input field. The tool analyzes eight critical security headers and displays a color-coded report with an overall security grade, per-header status, and fix recommendations.

Функции

• 8 Security Headers Analyzed – CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, and COEP
• Security Grading – Overall grade from A+ to F based on header presence and configuration quality
• CSP Validation – Syntax checking and directive analysis for Content-Security-Policy headers
• HSTS Preload Check – Verifies preload eligibility (includeSubDomains, max-age requirements)
• Fix Recommendations – Actionable suggestions with nginx, Apache, and Express configuration examples
• Color-Coded Results – Green for properly configured, yellow for warnings, red for missing or misconfigured
• Header Explanations – Clear descriptions of what each header does and why it matters