Headers

Header snapshot

Security Headers Checker

Inspect response headers for baseline browser security and caching signals.

Pulse score--Header snapshot

Signal checklist

The result summarizes present, missing and review-needed security headers.

Security Headers

Enter a public URL to review headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy and content type.

Methodology

Result

The result summarizes present, missing and review-needed security headers.

Support

Keep this free result available

Use the result first. Support and promotional areas stay separate from the useful result.

  • Useful result first
  • No signup required
  • Promotions kept separate
Choose an amount before the secure payment page opens.

Guide and interpretation

How to use this check

Enter a public URL to review headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy and content type.

SitePulse reads only HTTP response headers from the bounded request; it does not execute page scripts.

How to interpret the result

Missing CSP or HSTS can be a risk, but final policy depends on the application and hosting context.

Example

A healthy public app may include strict-transport-security, content-security-policy and referrer-policy headers.

Common issues and next steps

Headers are often configured in CDN, reverse proxy and application layers, which can overwrite each other.

Audit the final response at the public URL, then update the layer that actually controls the header.

Methodology and limits

Header presence is not a full vulnerability scan or CSP quality audit.

FAQ

Is this a penetration test?

No. It is a lightweight response-header diagnostic.

Does SitePulse run JavaScript?

No. The backend probe reads HTTP responses only.