Security Headers - Tester

This tool checks HTTP security headers for any domain. It evaluates 10 security headers recommended for production websites:

  • Content-Security-Policy — Prevents XSS and data injection attacks
  • X-Content-Type-Options — Prevents MIME type sniffing
  • X-Frame-Options — Prevents clickjacking attacks
  • Strict-Transport-Security — Forces HTTPS connections
  • Referrer-Policy — Controls referrer information leakage
  • Permissions-Policy — Controls browser feature access
  • X-XSS-Protection — Legacy XSS filter (deprecated but still checked)
  • Cross-Origin-Opener-Policy — Isolates browsing context
  • Cross-Origin-Resource-Policy — Prevents cross-origin resource leaks
  • Cross-Origin-Embedder-Policy — Controls cross-origin loading

Each header present earns points toward a total score of 100.
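As an added example (not the tool's own code), here is a small Python scorer that applies the presence-based scoring described above to a map of response headers, assuming equal weighting of 10 points per header since the page does not state the weights; it also flags a present header whose value defeats its purpose, which the page's description does not cover. `value_warning`, `score_headers` and `SAMPLE_HEADERS` are names chosen for this example.

```python
import re

# The ten headers the tester checks. Equal weighting (10 points each) is an
# assumption; the page only says each present header adds to a score out of 100.
CHECKED_HEADERS = [
    "Content-Security-Policy", "X-Content-Type-Options", "X-Frame-Options",
    "Strict-Transport-Security", "Referrer-Policy", "Permissions-Policy",
    "X-XSS-Protection", "Cross-Origin-Opener-Policy",
    "Cross-Origin-Resource-Policy", "Cross-Origin-Embedder-Policy",
]
POINTS_PER_HEADER = 100 // len(CHECKED_HEADERS)

def value_warning(name, value):
    """Flag a present header whose value undermines its purpose (added checks, not the tool's)."""
    v = value.strip().lower()
    if name == "X-Content-Type-Options" and v != "nosniff":
        return "expected 'nosniff'"
    if name == "X-Frame-Options" and v not in ("deny", "sameorigin"):
        return "expected DENY or SAMEORIGIN (ALLOW-FROM is obsolete and ignored by browsers)"
    if name == "Strict-Transport-Security":
        m = re.search(r"max-age=(\d+)", v)
        if not m or int(m.group(1)) < 31536000:  # one year is the usual minimum
            return "max-age missing or shorter than one year"
    if name == "X-XSS-Protection" and v != "0":
        return "legacy filter enabled; '0' disables it, which is the current recommendation"
    return None

def score_headers(headers):
    """Score a response-header map; names are matched case-insensitively, as HTTP requires."""
    lowered = {k.lower(): v for k, v in headers.items()}
    present, missing, warnings = [], [], {}
    for name in CHECKED_HEADERS:
        value = lowered.get(name.lower())
        if value is None:
            missing.append(name)
            continue
        present.append(name)
        warning = value_warning(name, value)
        if warning:
            warnings[name] = warning
    return {"score": POINTS_PER_HEADER * len(present), "present": present, "missing": missing, "warnings": warnings}

# Constructed sample headers (not captured from any real site): 5 of 10 present, two with weak values.
SAMPLE_HEADERS = {
    "content-security-policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "x-frame-options": "ALLOW-FROM https://example.com",
    "Strict-Transport-Security": "max-age=3600",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
```

To score a live site, pass the header map of a `urllib.request.urlopen` response (`dict(resp.headers)`) to `score_headers`.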

Lookup

Enter a domain to check its security headers:

API usage

There is also an API that returns the same results in JSON format; its endpoint is /api/lookup?url=example.com

You can find the OpenAPI specification and Swagger UI at /api-docs/ui/