ⓘ Tests HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.
⚠ CORS Limitation Detected — Modern browsers block cross-origin
HEAD
requests due to security policies. The results below show recommendations
based on a typical unconfigured server. To inspect real headers, use
Browser DevTools → Network tab and check the response headers for the page's main document.
Fetching security headers…
—
—
Security Score: 0/100
Live analysis
—
Present
—
Missing
—
Warnings
Header Analysis
Remediation Snippets
Add to your NGINX server{} block
nginx.conf
Add to your .htaccess or Apache config
.htaccess
Add to your Caddyfile site block
Caddyfile
Export Audit Report
Download a full report as plain-text or JSON
Scan History
Share MySysAd
⚠️ IMPORTANT DISCLAIMER: The tools and scripts on this site are provided "AS IS" for educational purposes.
Review destructive commands before executing. By using this site, you assume all risk and agree to our Full Terms of Service.