ShieldReport
HomeWhat We CheckToolsWikiCompareRoadmapPricingBlogSign InRun Free Scan
Run Scan
HomeWhat We CheckToolsWikiCompareRoadmapPricingBlogSign In

Free Tool

Security Header Checker

Check whether your website has the six essential HTTP security headers that protect against XSS, clickjacking, MIME sniffing, and more. Enter a domain and get an instant report.

What Are Security Headers?

HTTP security headers are response headers that tell browsers how to behave when handling your site's content. They are your first line of defence against common web attacks.

Content-Security-Policy

Prevents XSS attacks by controlling which resources the browser is allowed to load.

Strict-Transport-Security

Forces browsers to use HTTPS, preventing protocol downgrade and cookie hijacking.

X-Frame-Options

Stops your site from being embedded in iframes, preventing clickjacking attacks.

X-Content-Type-Options

Prevents MIME type sniffing, ensuring browsers respect the declared content type.

Referrer-Policy

Controls how much referrer information is shared when navigating away from your site.

Permissions-Policy

Restricts which browser features (camera, mic, geolocation) your site can access.

Want the full picture?

Security headers are just the start. Run a full ShieldReport scan to check for open ports, CVEs, subdomain takeovers, XSS vulnerabilities, and more.

Start Free Full Scan
ShieldReport

Website security scanning and reporting for developers, teams, and agencies.

ShieldReport - Security reports done in minutes which developers understand | Product Hunt

Product

  • Free Security Scan
  • What We Check
  • Pricing
  • Sample Report

Resources

  • Security Blog
  • FAQ
  • Website Security Checklist
  • CSP Guide

Topics

  • Security Headers
  • TLS Configuration
  • OWASP Top 10
  • Vulnerability Scanning

© 2026 ShieldReport. All rights reserved.

Run Free ScanPricingBlogSitemapRSS Feed