Security Headers Checker

Free security headers checker

SCAN THIS DOMAIN with the free security headers checker to confirm whether HSTS, Content-Security-Policy, frame protection, content-type protection, referrer policy, and permissions policy are present.

CHECK YOUR DOMAIN, then use Check headers for the focused browser-header lookup or open the Full Exposure Report at /exposure-report to review headers alongside email authentication, TLS, and public exposure signals.

Run full Exposure Report when a missing header appears on a finding page so the issue is triaged with the rest of the public attack surface.

Why this matters

Identify missing browser security headers such as CSP, HSTS, Referrer-Policy, and frame protection. The goal is not to create noise. The goal is to turn a visible security signal into a clear next action a business owner, MSP, or IT lead can understand.

What to check

• Confirm the public signal exists and is current.
• Record the evidence in a way another person can validate.
• Separate urgent exposure from normal hygiene work.
• Link the finding to a remediation guide, tool, or assessment.

Recommended workflow

1. Run the check or read the assessment criteria.
2. Save the visible evidence.
3. Decide whether the finding affects email trust, web trust, identity, backup, or compliance evidence.
4. Fix the highest-confidence issue first.
5. Re-test and document the new result.

Recommended vendor category: review recommended remediation options (Breach Horizon affiliate link) after documenting your current state.

Output to keep

| Evidence | Why it matters | Owner | | --- | --- | --- | | Current public result | Establishes baseline | IT / MSP | | Recommended change | Shows next action | Technical owner | | Retest result | Proves closure | Reviewer |