Security Headers Check
Enter your site's URL to grade its HTTP security headers (CSP, HSTS, X-Frame-Options, …), with fixes for what's missing and a copy-paste hardened set.
ITD's server fetches the target URL once and evaluates only the response headers (the body isn't stored). Access to internal / private addresses is blocked.
How to use
1. Enter the URL of a site you control.
2. The major security headers are graded for presence and strength.
3. Harden the “missing” / “weak” items using the shown fix and recommended set.
Why it matters
Security headers are a cheap, effective layer of defense. CSP limits XSS impact, HSTS pins traffic to HTTPS, X-Frame-Options blocks clickjacking — each is a few lines of server config. Start strict and loosen only as needed.
FAQ
Q: Is it OK to check someone else's site?
A: The tool fetches the URL once and reads response headers — no active scanning or attack (same scope as opening it in a browser). It's intended for checking your own site.
Q: Is anything less than an A dangerous?
A: No. Some headers don't apply to every site. The important ones are CSP, HSTS, X-Frame-Options and X-Content-Type-Options; with those in place you're in good shape.
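A presence-and-strength check for the four headers named above can be sketched as follows. This is an added example, not ITD's grading logic: the function names, the 180-day HSTS cutoff and the ok/weak rules are assumptions made for illustration, and the sample headers are constructed.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # 180 days; cutoff assumed for this example

def parse_csp(value):
    """Split a CSP header into {directive: [source, ...]}; first occurrence wins."""
    directives = {}
    for part in value.lower().split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])
    return directives

def grade_csp(value):
    csp = parse_csp(value)
    # script-src falls back to default-src when it is not set.
    script = csp.get("script-src", csp.get("default-src"))
    if script is None or {"*", "http:", "https:", "data:"} & set(script):
        return "weak"
    pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    # Browsers ignore 'unsafe-inline' only when a nonce or hash is also listed.
    return "weak" if "'unsafe-inline'" in script and not pinned else "ok"

def grade_hsts(value):
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return "ok" if m and int(m.group(1)) >= MIN_HSTS_MAX_AGE else "weak"

CHECKS = {
    "content-security-policy": grade_csp,
    "strict-transport-security": grade_hsts,
    # ALLOW-FROM is obsolete and ignored by current browsers, so it grades weak.
    "x-frame-options": lambda v: "ok" if v.upper() in ("DENY", "SAMEORIGIN") else "weak",
    "x-content-type-options": lambda v: "ok" if v.lower() == "nosniff" else "weak",
}

def grade_headers(headers):
    """Return {header: 'ok' | 'weak' | 'missing'}; header names are case-insensitive."""
    seen = {k.lower(): v.strip() for k, v in headers.items()}
    return {name: check(seen[name]) if name in seen else "missing"
            for name, check in CHECKS.items()}

# Constructed sample response headers, not taken from a real site.
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    print(grade_headers(SAMPLE))
```

The sample shows the three outcomes side by side: a CSP that is present but allows inline script, an HSTS lifetime of five minutes, a sound X-Frame-Options value, and no X-Content-Type-Options at all.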