MyIPScan

Website Security Tool

Security Headers Checker

Check whether a public endpoint returns common security-related HTTP headers. Missing headers can be worth reviewing, but this is not a vulnerability scan.

Direct answer

Security Headers Checker: answer first

Security Headers Checker reviews selected HTTP security headers and explains missing or weak policy signals. It gives configuration guidance, but it does not prove that a site is secure.

Last updated

Check security headers

Enter one public HTTP or HTTPS URL.
Technical response details (optional)

What the results mean

The tool checks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Present headers are one signal, and missing headers need context.

How to use this tool

  1. Enter a public URL.
  2. Review which headers were returned.
  3. Use the HTTP Headers Checker for raw header context, Redirect Checker for chain behavior, Open Graph / Social Preview Checker for share metadata, and Robots.txt, Sitemap, or Canonical / Noindex Checker for crawler and indexing context.

FAQ

Is this a score?

No. It is an informational presence check, not an absolute grade.

Can missing headers be intentional?

Yes. Header choices depend on application behavior and rollout risk.

Does this fetch page content?

No. The backend uses constrained HEAD requests and does not proxy response bodies.

B2B diagnostic report model

Website and domain diagnostics

Public website checks connect HTTPS/SSL, redirects, headers, DNS, robots/sitemap, canonical/noindex, structured data, and social preview signals.

SummaryStart with a plain-language status for the public target.
Top issuesPrioritize the few findings that need attention first.
What passedShow expected public signals without turning them into a certification.
What needs reviewSeparate limited, unavailable, and review-worthy signals.
Why it mattersExplain the business, delivery, crawl, or implementation impact.
Recommended fixesPoint to the DNS, hosting, email, CMS, or SEO owner who can act.
What this tool cannot checkThis is not a vulnerability scan, penetration test, malware scan, uptime monitor, or full security audit.
Client-safe copyClient-safe copy should keep issue summaries and recommended fixes while avoiding raw headers, cookies, tokens, credentials, and oversized payloads.
Monitoring beta (optional)Optional monitoring beta can track public changes in SSL, redirects, headers, DNS, robots/sitemap, canonical/noindex, and metadata after a target is approved.

Client-safe report

Share findings without leaking raw technical material

Use Safe Copy or this page's summary when sending results to a client, vendor, developer, or support team. Raw headers, credentials, tokens, cookies, private addresses, email local-parts, and oversized payloads should stay out of client-facing copy.

Check my website/domain

What this checks

Public DNS, HTTP, HTTPS, certificate, redirect, header, IP/ASN, or domain configuration signals.

Limits

What this cannot check

It cannot perform credentialed vulnerability testing, scan private hosts, bypass access controls, or certify complete security.

Read results

How to use the output

Treat results as review signals for this browser/session or public target. Re-test after one change, then use Safe Copy or notes that avoid raw identifiers.

SEO and AI citation summary

Security Headers Checker: what this tool does

Checks presence of common security-related response headers for one public URL.

How to use

  1. Enter one public HTTP/HTTPS URL or domain accepted by the tool.
  2. Review final URL, source coverage, confidence, and the top fixes before raw details.
  3. Retest after one hosting, DNS, redirect, header, robots, sitemap, or schema change.

What the result means

Treat website, TLS, redirect, header, crawlability, and structured-data outputs as public HTTP/DNS evidence. These tools do not run vulnerability scans or guarantee indexing.

Limitations

  • This tool reports observable signals only; it is not a guarantee or certification.
  • Uses /api/http-headers with constrained HEAD requests.
  • Results can change after VPN reconnects, DNS propagation, browser updates, cache changes, or provider configuration changes.

FAQ

Is this a full security audit?

No. The tool checks selected response headers only and is a limited endpoint review.

What does Security Headers Checker do?

Security Headers Checker checks presence of common security-related response headers for one public URL. Results are review signals with stated limits.

How should I use Security Headers Checker results?

Use the result to decide what to review next, make one change at a time, and retest in the same browser, network, domain, or provider context when possible.

What does Security Headers Checker not prove?

It does not prove anonymity, full security, complete deliverability, full reputation cleanliness, search ranking, or AI citation. It only reports the visible signals available to this tool.