Is this a full security audit?

No. It checks selected response headers only and is a limited endpoint review.

Why use HEAD requests?

HEAD requests let MyIPScan inspect headers without downloading response bodies.

What targets are allowed?

Only one public HTTP or HTTPS URL is allowed. Private, local, metadata, and unsupported targets are blocked.

Website Security Tool

Security Headers Checker

Check whether a public endpoint returns common security-related HTTP headers. Missing headers can be worth reviewing, but this is not a vulnerability scan.

Check security headers

Enter one public HTTP or HTTPS URL.

Raw JSON

What the results mean

The tool checks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Present headers are one signal, and missing headers need context.

How to use this tool

Enter a public URL.
Review which headers were returned.
Use the HTTP Headers Checker for raw header context, Redirect Checker for chain behavior, Open Graph / Social Preview Checker for share metadata, and Robots.txt, Sitemap, or Canonical / Noindex Checker for crawler and indexing context.

FAQ

Is this a score?

No. It is an informational presence check, not an absolute grade.

Can missing headers be intentional?

Yes. Header choices depend on application behavior and rollout risk.

Does this fetch page content?

No. The backend uses constrained HEAD requests and does not proxy response bodies.