Software Alternatives, Accelerators & Startups

Security Headers

Quickly and easily assess the security of your HTTP response headers.

Security Headers

Security Headers Reviews and Details

This page is designed to help you find out whether Security Headers is good and if it is the right choice for you.

Screenshots and images

  • Security Headers Landing page
    Landing page //
    2023-08-04

Features & Specs

  1. Enhanced Security

    Security Headers significantly improve your web application's security by protecting against common vulnerabilities like XSS, Clickjacking, and MIME sniffing.

  2. Quick Assessment

    The tool provides a fast evaluation of the headers implemented on your website, helping you quickly identify missing or misconfigured headers.

  3. Easy to Use

    Security Headers is user-friendly and does not require advanced technical skills, making it accessible for both developers and security professionals.

  4. Free Tool

    The service is free to use, allowing widespread access and enabling users to improve web security without financial barriers.

Badges

Promote Security Headers. You can add any of these badges on your website.

SaaSHub badge
Show embed code

Videos

HTTP Security Headers | Part 01

HTTP Security Headers In Action - Sven Morgenroth - PSW #652

Social recommendations and mentions

We have tracked the following product recommendations or mentions on various public social media platforms and blogs. They can help you see what people think about Security Headers and what they use it for.
  • The Security Checklist Every Vibe Coder Needs Before Launch
    Check: Go to securityheaders.com and enter your URL. A grade below B means you're missing important ones. - Source: dev.to / 25 days ago
  • Four HTTP security headers every WordPress site should set
    The curl above is the fastest check; all four lines should come back. In a browser, DevTools, Network tab, click the document request, read Response Headers. For a letter grade, securityheaders.com scores you against a known rubric. One quirk: these four alone land a B, and you reach A only once you add Content-Security-Policy. - Source: dev.to / about 2 months ago
  • Manual Web Content Discovery: How You Can Find Hidden Paths Before Attackers Do
    Remediation: Configure your web server to suppress or mask the Server header. Add security headers like Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options. You can use tools like securityheaders.com to check your current header posture. - Source: dev.to / 2 months ago
  • The LiteLLM Attack Exposed a Bigger Problem: Your Vibe-Coded App Probably Has the Same Vulnerabilities
    Step 4: Check your security headers (2 minutes) Visit securityheaders.com and enter your deployed URL. If you get anything below a B, you're missing critical protections. - Source: dev.to / 4 months ago
  • 5 things your website is getting wrong (and how to check for free)
    How to check: Run curl -I https://yourdomain.com and scan the response headers. Or paste your URL into securityheaders.com for a free graded report. - Source: dev.to / 4 months ago
  • Your portfolio site is probably broken in ways you haven't checked
    Performance: Chrome DevTools โ†’ Network tab, throttled to Fast 3G. Security: securityheaders.com - paste your URL, get a grade. - Source: dev.to / 4 months ago
  • CSRF Protection Without Tokens or Hidden Form Fields
    Adding more security headers every year feels like strapping seatbelts onto a collapsing roller coaster. It would be better to stop this "sec headers stack" in favour of simpler, secure by default browser primitives with explicit opt-out. Getting an example from https://securityheaders.com the list nowadays is as follows: Strict-Transport-Security. - Source: Hacker News / 7 months ago
  • HTTP Security Headers
    Want to see how your site scores? Head over to securityheaders.com to scan your website's security headers. You might be surprised at what's missing! - Source: dev.to / 9 months ago
  • I Scanned 50 Web Agency Websites & Most Failed Basic Security
    If you build or maintain websites, run your own domain through SecurityHeaders.com โ€” it takes two seconds. Manual audits like this took me hours, which is exactly why I built Achilleus: to automate security header monitoring across all your sites. - Source: dev.to / 9 months ago
  • Image Compression Basics and EXIF Privacy Guide (Client-Side Demo Tool)
    It's good to have a client side that does not send data to remote, improvements: - CSP and security headers, currently this site scores D on https://securityheaders.com. - Source: Hacker News / about 1 year ago
  • ๐Ÿ›ก๏ธ Mastering Security HTTP Headers
    Regular Audits: Use tools like Mozilla Observatory or Security Headers to regularly check your headers. - Source: dev.to / almost 2 years ago
  • Is your website Secure check out
    What's better about this vs. Mozilla Observatory. https://developer.mozilla.org/en-US/observatory (formerly https://observatory.mozilla.org/) Or Security Headers? https://securityheaders.com/ Or VENOM? https://github.com/oshp/oshp-validator Applaud the effort, these are things that more devs should be aware of when building websites... Hey some specific feedback... - Source: Hacker News / almost 2 years ago
  • Why is text of sumissions in low-contrast grey on HN?
    There are so many accessibility issues on Hacker News! Ways to avoid the same mistakes? Easy... 1 - Make sure everyone involved from designers to developers to content creators to testers to... Whatever your village has in it... Has knowledge of WCAG. (New standards out a few weeks ago!) WCAG is the de facto law of the land now, and businesses are liable from damages if they don't make efforts to ensure all users... - Source: Hacker News / over 2 years ago
  • Show HN: Year old launches SaaS platform today. Seeks feedback
    Few minor accessibility issues. https://wave.webaim.org/report#/https://propbox.co/ Bunch of front-end security issues. Some of these are trivial, but also... Why not just knock them out? https://securityheaders.com/?q=https%3A%2F%2Fpropbox.co%2F&followRedirects=on The Privacy page is a nightmare, as others have pointed out. Why do this? Won't work with screen readers, won't let users copy text... it's bad.... - Source: Hacker News / about 3 years ago
  • Hacker News evading criticism by selectively adding noreferrer to certain links
    FWIW HN sets the Referrer-Policy header [1] to origin [2] but I have no idea how many browsers honor that. [1] - https://scotthelme.co.uk/a-new-security-header-referrer-policy/ [2] - https://securityheaders.com/?q=https%3A%2F%2Fnews.ycombinator.com%2F&hide=on&followRedirects=on. - Source: Hacker News / about 3 years ago
  • Security headers - what they are and how to use them ๐Ÿ”’
    I was recently tasked with improving the security rating on one of our websites. This involved a couple of things but the thing I want to focus on in this post is security headers. We scanned the site here and were initially given a rating of 'E'. Not good. So one of the recommendations was to add security headers which are headers contained in the HTTP response and can provide various different security benefits,... - Source: dev.to / about 3 years ago
  • Google No Longer Automatically Indexes Websites โ€“ WTF?
    Google has to know about the site before it can index it. Set up the sitemap, then link the sitemap in from Google's Search Console Tools, and install Google Analytics. This will help Google pick up that your site exists. Make sure your robots.txt file is configured to allow crawlers. Make sure your pages aren't inadvertently NOINDEX'd. SEO isn't as relevant as it used to be, but all this stuff should be part of... - Source: Hacker News / about 3 years ago
  • Deceptive Site Ahead
    Https://securityheaders.com/ reports A+ or A scores for every one of my subdomains. Source: about 3 years ago
  • Is there an ongoing S3 DNS issue?
    OK, I faced a similar issue due to the code of the app not respecting the content policies. I wanted to have an A ranking on https://securityheaders.com/ but gave up and my app was accessible again. Keep us posted. Source: over 3 years ago
  • Team Kennedy needs some HTTPS help?
    As indigodaddy mentioned the cert is only signed for www and not the apex. [1] tests still running for ipv6. Some headers may be missing [2]. [1] - https://www.ssllabs.com/ssltest/analyze.html?d=www.teamkennedy.com&latest [2] - https://securityheaders.com/?q=https%3A%2F%2Fwww.teamkennedy.com%2F&followRedirects=on. - Source: Hacker News / over 3 years ago
  • HTTP Headers
    Score your website headers: https://securityheaders.com. - Source: dev.to / over 3 years ago

Do you know an article comparing Security Headers to other products?
Suggest a link to a post with product alternatives.

Suggest an article

Security Headers discussion

Log in or Post with

Is Security Headers good? This is an informative page that will help you find out. Moreover, you can review and discuss Security Headers here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.