What security headers do you check?

We grade Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — the headers that most affect protection against XSS, clickjacking, MIME-sniffing, and protocol downgrade.

Why is the request always made over HTTPS?

Security headers like HSTS are only meaningful over a secure connection, so the checker always probes https://. If your site only serves HTTP, the request will fail — which is itself a finding worth fixing.

Do you store the results or the URL I check?

No. Each check runs on demand and the result is shown only to you — nothing is stored or logged.

Can you monitor these headers automatically?

Everguardly continuously monitors uptime and SSL certificates for every site you add, and alerts you before certificates expire. Header monitoring is on our roadmap — start a free trial to track your sites today.

Free tool · no signup

Free HTTP Header Checker

Inspect any site's HTTP response headers and grade its security headers (HSTS, CSP, and more).

Frequently asked questions

What security headers do you check?: We grade Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — the headers that most affect protection against XSS, clickjacking, MIME-sniffing, and protocol downgrade.
Why is the request always made over HTTPS?: Security headers like HSTS are only meaningful over a secure connection, so the checker always probes https://. If your site only serves HTTP, the request will fail — which is itself a finding worth fixing.
Do you store the results or the URL I check?: No. Each check runs on demand and the result is shown only to you — nothing is stored or logged.
Can you monitor these headers automatically?: Everguardly continuously monitors uptime and SSL certificates for every site you add, and alerts you before certificates expire. Header monitoring is on our roadmap — start a free trial to track your sites today.

Doing this for 20 client sites?

Everguardly runs these checks automatically and alerts you 60, 30, 14, 7, and 1 days before anything expires.

Start 14-day trial See pricing →

Related tools

SSL Checker

Check any SSL certificate's issuer, expiry, chain validity, and hostname match.

WHOIS Lookup

Look up domain registration, registrar, nameservers, and expiry via RDAP.

DNS Lookup

Resolve A, AAAA, MX, TXT, NS, or CNAME records for any hostname.

Domain Expiry

How many days until any domain expires? Registrar + expiry date in one click.

Email Auth Checker

Check a domain's SPF, DMARC, and DKIM records and get recommendations to improve deliverability.