Test HTTP Response Security Headers.

Find out whether your site sends the secure headers that keep browsers from running into avoidable vulnerabilities.

HTTP Security Headers

Mitigate security vulnerabilities by implementing the necessary secure HTTP response headers in your web server, network device, etc.

The test currently checks for the following headers, most of which OWASP recommends.

  • HTTP Public Key Pinning (HPKP)
  • HTTP Strict Transport Security (HSTS)
  • X-XSS-Protection
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • Content Security Policy (CSP)
  • X-Content-Type-Options

You may refer to the HTTP header implementation guide to configure them in Nginx, Apache, IIS, CDN, etc.
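
The kind of check described above, as an added example that is not the testing tool's own code: it parses a constructed sample response and grades each of the seven listed headers as ok, weak or missing. The value rules (for instance requiring a non-zero HSTS max-age) and the names `audit`, `parse_headers` and `SAMPLE` are assumptions of this example.

```python
import re

def _max_age(value):
    """Return the max-age directive as an int, or -1 if it is absent."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    return int(m.group(1)) if m else -1

# One validator per listed header. These rules are this example's assumptions.
CHECKS = {
    "Public-Key-Pins": lambda v: "pin-sha256=" in v.lower() and _max_age(v) > 0,
    "Strict-Transport-Security": lambda v: _max_age(v) > 0,  # max-age=0 disables HSTS
    "X-XSS-Protection": lambda v: v.strip().startswith(("0", "1")),
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "X-Permitted-Cross-Domain-Policies": lambda v: v.strip().lower() in (
        "none", "master-only", "by-content-type", "by-ftp-filename", "all"),
    "Content-Security-Policy": lambda v: bool(v.strip()),
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
}

def parse_headers(raw):
    """Parse a raw response head into {lowercased-name: value}."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue                    # not a header line
        key, value = name.strip().lower(), value.strip()
        # Repeated headers are combined, as HTTP allows for list-valued fields.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def audit(raw):
    """Grade each listed header as 'ok', 'weak' (present, bad value) or 'missing'."""
    headers = parse_headers(raw)
    report = {}
    for name, is_ok in CHECKS.items():
        value = headers.get(name.lower())   # header names are case-insensitive
        report[name] = "missing" if value is None else ("ok" if is_ok(value) else "weak")
    return report

# Constructed sample response, not captured from any real site.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "strict-transport-security: max-age=0\r\nX-Frame-Options: ALLOWALL\r\n"
          "X-Content-Type-Options: nosniff\r\n"
          "Content-Security-Policy: default-src 'self'\r\n\r\n<html></html>")

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:8} {name}")
```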