Just provide any URL or domain and it will analyse the headers served by the given page. Among the many headers tested: HTTP Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Cross-Origin-Opener-Policy (COOP), Cross-Origin-Resource-Policy (CORP), Set-Cookie, Access-Control-Allow-Origin …
Very complete and useful for:
- Site owners: to check their setup and how their site is seen by browsers, crawlers and bots, as well as by customers (and the trust they place in it). A must for big brands and commercial sites.
- Visitors or shoppers: wanting to know a site's policy and the risk of browsing it. A must if you already have some doubts (but in general, for safety or security, you know the saying “if you already have a doubt …”).
Not only is it a very good tool, but the documentation and examples provided with each header type are also of great help.
Be prepared: if your site depends heavily on several external resource providers (fonts, scripts, CDNs, external cookies, embeds …), it will be very hard to get the “A+” grade, mainly because of the “Content Security Policy” and its optimal requirements (loading everything locally, HTTPS, trusted sources …).
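To see ahead of a scan which CSP entries come from external providers, the sketch below audits a policy string offline. It is an added example, not the scanner's code or its grading rules: the checks, the issue labels, the sample policy and the host `shop.example.com` are all assumptions made for illustration.

```python
# Added example: list the CSP sources that conflict with "local, HTTPS, trusted".
WEAK_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}

def parse_csp(policy):
    """Return {directive: [sources]} from a Content-Security-Policy value."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; a repeated directive is
            # ignored by browsers, so the first occurrence wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def source_host(src):
    """Host part of a host-source such as https://cdn.example.net:443/lib/."""
    host = src.split("://", 1)[-1].split("/", 1)[0]
    return host.split(":", 1)[0].lower()

def audit_csp(policy, site_host):
    """Return (directive, source, issue) tuples for sources worth reviewing."""
    findings = []
    directives = parse_csp(policy)
    if "default-src" not in directives:
        findings.append(("policy", "", "no-default-src"))
    for name, sources in directives.items():
        for src in sources:
            low = src.lower()
            if low in WEAK_KEYWORDS:
                findings.append((name, src, "unsafe-keyword"))
            elif low.startswith("'"):
                continue  # 'self', 'none', nonces and hashes
            elif low == "*" or low.endswith(":"):
                findings.append((name, src, "any-host"))  # *, https:, data:
            else:
                if low.startswith("http://"):
                    findings.append((name, src, "plain-http"))
                host = source_host(low)
                if host != site_host and not host.endswith("." + site_host):
                    findings.append((name, src, "third-party"))
    return findings

# Constructed sample policy for a hypothetical site, shop.example.com.
SAMPLE_POLICY = ("default-src 'self'; script-src 'self' 'unsafe-inline' "
                 "https://cdn.example.net; font-src http://fonts.example.org; "
                 "img-src *; frame-ancestors 'none'")

if __name__ == "__main__":
    for finding in audit_csp(SAMPLE_POLICY, "shop.example.com"):
        print(*finding)
```

Each `third-party` finding is a provider the policy has to keep allowing; hosting that font or script locally removes the entry.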
Note: pay attention to whether or not you tick the “hide results” box, as your results:
- will be public
- and could be included in either the “Hall of Fame” or the “Hall of Shame” (that being said, it may be a chance to get a link for SEO purposes …)
Recommended!