Target URL

Examples: google.com github.com cloudflare.com mozilla.org

ⓘ Tests HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.

⚠ CORS Limitation Detected — Modern browsers block cross-origin HEAD requests due to security policies. The results below show recommendations based on a typical unconfigured server. To inspect real headers, use Browser DevTools → Network tab and check the response headers for the page's main document.

Fetching security headers…

—

Security Score: 0/100

Live analysis