How to use this check
Enter a public URL to review headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy and content type.
SitePulse reads only HTTP response headers from the bounded request; it does not execute page scripts.
Headers
Header snapshotInspect response headers for baseline browser security and caching signals.
The result summarizes present, missing and review-needed security headers.
Enter a public URL to review headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy and content type.
The result summarizes present, missing and review-needed security headers.
Support
Use the result first. Support and promotional areas stay separate from the useful result.
Enter a public URL to review headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy and content type.
SitePulse reads only HTTP response headers from the bounded request; it does not execute page scripts.
Missing CSP or HSTS can be a risk, but final policy depends on the application and hosting context.
A healthy public app may include strict-transport-security, content-security-policy and referrer-policy headers.
Headers are often configured in CDN, reverse proxy and application layers, which can overwrite each other.
Audit the final response at the public URL, then update the layer that actually controls the header.
Header presence is not a full vulnerability scan or CSP quality audit.
No. It is a lightweight response-header diagnostic.
No. The backend probe reads HTTP responses only.