Frequently Asked Questions

Can't find what you're looking for? Contact us for more help.

What are HTTP security headers?

HTTP security headers are directives that web servers send to browsers to enhance the security of web applications. They help mitigate attacks like cross-site scripting (XSS), clickjacking, and other code injection attacks.

Which security headers does your scanner check for?

Our scanner checks for all major security headers including Content-Security-Policy (CSP), Strict-Transport-Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.

How often should I scan my website for security headers?

We recommend scanning your website whenever you make significant changes to your web application or at least quarterly. Security best practices evolve, so regular checks help ensure your headers remain properly configured.

Is this scanner free to use?

Yes, our basic scanner is completely free with no limits on the number of scans. We offer a Pro version with additional features like bulk scanning and historical data tracking.

How accurate are the scan results?

Our scanner provides highly accurate results by directly analyzing the HTTP response headers from your server. However, some headers might be dynamically set by client-side code, which we can't detect.
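To illustrate the limit described in this answer, the following added example (not the scanner's own code) checks a response for the six headers named earlier and separately flags policies that appear only in page markup, which a header-only check reports as missing. The sample response, the `scan` function and the `MARKUP` table are constructed for illustration; it only inspects static markup, so tags injected by scripts at runtime would still need a real browser to observe.

```python
import re

# The six headers named in the FAQ answer about what the scanner checks.
CHECKED = [
    "Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options",
    "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy",
]

# Markup equivalents browsers honour: CSP via http-equiv, referrer policy via name.
MARKUP = {
    "Content-Security-Policy": re.compile(
        r"<meta[^>]+http-equiv=[\"']?content-security-policy", re.I),
    "Referrer-Policy": re.compile(r"<meta[^>]+name=[\"']?referrer[\"'\s>]", re.I),
}

# Constructed sample response (not captured from a real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "strict-transport-security: max-age=31536000\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html><head>"
    "<meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self'\">"
    "</head><body>hi</body></html>"
)

def scan(raw):
    """Return (present, missing, markup_only) for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    present = {h: headers[h.lower()] for h in CHECKED if h.lower() in headers}
    missing = [h for h in CHECKED if h not in present]
    # Policies found only in the HTML: invisible to a header-only check.
    markup_only = [h for h in missing if h in MARKUP and MARKUP[h].search(body)]
    return present, missing, markup_only

if __name__ == "__main__":
    present, missing, markup_only = scan(SAMPLE)
    print("present:", present)
    print("missing from headers:", missing)
    print("set in markup only:", markup_only)
```

A policy found only in markup still deserves review: a CSP delivered through a `<meta>` tag cannot use `frame-ancestors`, `report-uri` or `sandbox`, so the header form remains the stronger configuration.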

Can I scan websites that require authentication?

Currently, our scanner only checks publicly accessible websites. Scanning authenticated areas would require credentials, which we don't support for security reasons.

Still have questions?

Contact Our Support Team