Loading CheckWebs…
Loading CheckWebs…
Security tool
Evaluate HTTP security headers including Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy. Get a letter grade (A+ to F).
What it checks
Grade your security headers (CSP, HSTS, X-Frame, etc.).
Review the browser-visible signals that affect user trust and SEO.
Find missing headers, expired certificates, insecure assets, or weak redirects.
Map each finding to server, CDN, or application-level follow-up.
Methodology
Next steps
Interpretation
Use cases
Validate HTTPS, redirects, headers, and browser-facing security before launch.
Quickly confirm whether a warning is caused by TLS, mixed content, or headers.
Collect practical evidence before a security or privacy review.
Popular checks
Next paths
Use these pages when the result points to a broader check, a fix workflow, or a related technical question.
Fix workflows
Resolve expired SSL certificates and prevent HTTPS trust warnings from blocking users.
Open fix guideFix HTTP assets loaded on HTTPS pages to remove browser warnings and trust issues.
Open fix guideAdd HTTP Strict Transport Security safely after HTTPS is working across all hosts.
Open fix guideAdd a Content Security Policy without breaking scripts, styles, analytics, or checkout flows.
Open fix guideFrequently asked questions
No. Enter a URL or domain and run the check in your browser. Some results can be partial if the target site blocks requests or hides the data being checked.
The Security Headers Grade runs live checks against the target website. Results reflect what was reachable at the time of the test, so retest after changing DNS, redirects, headers, or page content.
Grade A or A+ means the critical headers this check reviews are present and configured. Lower grades point to hardening gaps worth reviewing.
Content-Security-Policy (CSP) is often the most impactful because it controls which scripts can execute. HSTS is also important because it enforces HTTPS connections.
They are mainly a user-safety and hardening issue. Search systems care that pages are safe and reachable, but a missing header is not a simple ranking lever. Fix the headers to reduce real browser and application risk.