Headers Scanner

Enter a URL to inspect response headers and common security headers. Private IPs are blocked for safety.

What are security headers and why you need them?

Security headers are HTTP response fields that tell browsers how to handle your site's content and provide protection against common web threats such as cross-site scripting (XSS), clickjacking and MIME-type sniffing.

HSTS — forces browsers to use HTTPS, protecting data in transit.
Content-Security-Policy (CSP) — restricts which scripts and resources can run, reducing XSS risk.
X-Frame-Options — prevents your site from being embedded in third-party frames (clickjacking).
X-Content-Type-Options — stops browsers from guessing content types, avoiding risky interpretation.

WordPress sites commonly run many themes and plugins; correct security headers add an important layer of defense, lower the impact of plugin/theme vulnerabilities, protect visitors and help meet modern security best practices.