Livesecurityshipped May 17, 2026v1.0.0

HTTP Header Analyzer

Name: HTTP Header Analyzer
Author: Eko

Analyze HTTP response headers for security best practices. Get a security score based on presence and configuration of headers like Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and more. Highlights missing headers with explanations and copy-paste fixes.

httpheaderssecurityanalysiscsphsts

paste response headers

security score

0 critical3 warnings5 good

Warnings

⚠Content-Security-Policy

Contains 'unsafe-inline' — weakens XSS protection

⚠Server

Reveals version: "nginx/1.18.0" — fingerprinting risk

⚠X-Powered-By

Reveals tech stack: "Next.js"

Passed

✓Strict-Transport-Security

Set with max-age=63072000

✓X-Frame-Options

Set to DENY

✓Content-Security-Policy

CSP set

✓X-Content-Type-Options

nosniff (MIME sniffing disabled)

✓Referrer-Policy

strict-origin-when-cross-origin

Info

ℹPermissions-Policy

Not set — consider for sensitive sites

🔒 Get real headers via: curl -I https://example.com