Analyze Your Website's Security Headers
Instantly scan and validate Content Security Policy (CSP) headers. Identify vulnerabilities and strengthen your web application's defense.
Comprehensive Security Analysis
Deep inspection of your security headers and policies
CSP Validation
Comprehensive Content Security Policy analysis with directive-by-directive validation
XSS Protection
Detect potential cross-site scripting vulnerabilities and unsafe inline scripts
Security Headers
Check for X-Frame-Options, HSTS, and other critical security headers
How It Works
Scan your website in three simple steps
Enter Your URL
Type your website address into the scanner above. We support any publicly accessible URL.
Get Your Analysis
We fetch and analyze your HTTP response headers, CSP directives, and security configuration in seconds.
Fix & Improve
Follow our prioritized recommendations to strengthen your security headers and improve your score.
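To make concrete what a scanner like this checks in step two, here is an added illustrative analyzer in Python (not HeaderTest's own engine): it parses a Content-Security-Policy value directive by directive, flags unsafe inline scripts and wildcard sources, and checks HSTS and framing protection. The header values it operates on are constructed sample input.

```python
# Illustrative header check, not HeaderTest's engine. Sample headers below are constructed.
import re

def parse_csp(csp):
    policy = {}
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def check_csp(policy):
    """Directive-by-directive findings for the parsed policy."""
    findings = []
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        findings.append("CSP: no script-src or default-src, scripts are unrestricted")
    else:
        # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
        if "'unsafe-inline'" in scripts and not any(s.startswith(("'nonce-", "'sha")) for s in scripts):
            findings.append("CSP: script-src allows 'unsafe-inline' without a nonce or hash")
        if "'unsafe-eval'" in scripts:
            findings.append("CSP: script-src allows 'unsafe-eval'")
        if "*" in scripts or any(s.endswith(":") for s in scripts):
            findings.append("CSP: script-src contains a wildcard or bare scheme source")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("CSP: object-src missing and no default-src fallback")
    if "base-uri" not in policy:  # base-uri never falls back to default-src
        findings.append("CSP: base-uri missing")
    return findings

def check_headers(headers):
    """Findings for one HTTP response; header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    findings = check_csp(parse_csp(csp)) if csp else ["CSP: header missing"]
    max_age = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not max_age:
        findings.append("HSTS: header missing or has no max-age")
    elif int(max_age.group(1)) < 31536000:
        findings.append("HSTS: max-age below one year")
    framed = h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")
    if not framed and "frame-ancestors" not in csp.lower():
        findings.append("Framing: no X-Frame-Options DENY/SAMEORIGIN and no CSP frame-ancestors")
    return findings

SAMPLE_HEADERS = {  # constructed example of a weak but common configuration
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:",
    "Strict-Transport-Security": "max-age=3600",
}
```

Calling check_headers(SAMPLE_HEADERS) returns five findings for the sample, while a nonce-based policy with object-src, base-uri, frame-ancestors and a one-year HSTS max-age returns none.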
Detailed Security Reports
Get actionable insights and recommendations
Latest from the Blog
Security insights and best practices
How CSP Level 3 Stops XSS — And What to Pair It With
March 11, 2026
CSP Level 3 replaces fragile allowlists with nonce-based policies and strict-dynamic to stop XSS. Learn how to pair it with Trusted Types, SRI, and sanitization for layered defense.
HeaderTest Out of Beta: New Scoring and Domain History
February 15, 2026
HeaderTest is out of beta. Here's what changed: a new three-category scoring system, domain history pages with score trends, and a more accurate analysis engine.
Next.js + Sanity CMS: CSP Gap and Image Proxy Risk
February 8, 2026
A lot of Next.js sites using Sanity CMS ship with no CSP at all. Worse, the _next/image endpoint can become an open image proxy for cdn.sanity.io. Here's what's happening and how to lock it down.