All tools
Developer Tool
Security Headers Auditor.
Scan any URL for CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and COOP/COEP — get a clear grade and copy-paste Next.js header config to fix what's missing. Runs server-side. How to use
Fetches the URL server-side and inspects response headers. Some sites send different headers to bots, and a CDN/WAF may add headers not visible here. Header reference: MDN HTTP Headers.