Check if your site has the right HTTP security headers to prevent common attacks.
Overview
HTTP security headers are your first line of defense against many common web attacks. Our scanner checks for Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and other critical headers that protect against clickjacking, XSS, MIME sniffing, and protocol downgrade attacks.
What this scanner does
The scanner analyzes the HTTP response headers from your site for the presence and correct configuration of security headers. It checks CSP directives, HSTS preload eligibility, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
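The kind of check described above can be sketched as follows. This is an added example, not the scanner's own code. The finding strings, function names and sample response are constructed for illustration, and the HSTS test covers only the header-value part of preload eligibility (max-age of at least one year, includeSubDomains, preload).

```python
HSTS_PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age for the preload list
REQUIRED = ("content-security-policy", "strict-transport-security",
            "x-content-type-options", "referrer-policy", "permissions-policy")

def parse_hsts(value):
    """Return (max_age or None, set of lowercased valueless directives)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            max_age = int(arg) if arg.isdigit() else None
        elif name:
            flags.add(name)
    return max_age, flags

def parse_csp(value):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    directives = {}
    for chunk in value.split(";"):
        tokens = [t.lower() for t in chunk.split()]
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])
    return directives

def audit_headers(headers):
    """Return a list of findings for the headers of one HTTPS response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing {name}" for name in REQUIRED if name not in h]
    if "strict-transport-security" in h:
        max_age, flags = parse_hsts(h["strict-transport-security"])
        if (max_age or 0) < HSTS_PRELOAD_MIN_AGE or not {"includesubdomains", "preload"} <= flags:
            findings.append("hsts not preload-eligible")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    csp = parse_csp(h.get("content-security-policy", ""))
    # Framing is covered either by CSP frame-ancestors or by X-Frame-Options.
    if "frame-ancestors" not in csp and h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing protection")
    script_src = csp.get("script-src", csp.get("default-src"))
    if csp and script_src is None:
        findings.append("csp does not restrict scripts")
    elif script_src and "'unsafe-inline'" in script_src and not any(
            s.startswith(("'nonce-", "'sha")) for s in script_src):
        findings.append("csp allows inline scripts")
    return findings

# Constructed sample response headers (not taken from any real site).
WEAK = {"Strict-Transport-Security": "max-age=86400", "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'"}
```

Calling `audit_headers(WEAK)` reports the two missing headers, the short HSTS lifetime, the absent framing protection and the inline-script allowance.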
Why it matters
Missing security headers leave your application exposed to clickjacking, XSS, MIME-type confusion, and man-in-the-middle attacks. Properly configured headers are required by most security compliance frameworks and are a quick win for hardening any web application.
Common findings
OWASP Top 10 coverage