Security
HTTP Security Headers Checker
See which HTTP security headers a site sends, and which recommended ones are missing.
This free tool is launching soon
What this tool checks
- Content-Security-Policy
- Strict-Transport-Security
- X-Content-Type-Options and X-Frame-Options
- Referrer-Policy and Permissions-Policy
Why it matters
Security headers tell the browser how to defend your visitors — what scripts to trust, whether to force HTTPS, and whether the page can be framed. They are quick to add and close off whole classes of common attacks.
FAQ
Common questions
Are security headers required?
They are not required for a site to work, but they are a low-effort, high-value layer of defence. Most modern sites are expected to send at least HSTS and a content security policy.
Will adding headers break my site?
A strict Content-Security-Policy can block resources if it is too tight. Roll it out in report-only mode first, then enforce it once the report is clean.
Stop finding out from your customers.
Set up your first monitor in minutes and let SentinelWeb keep watch.