Test HTTP Response Security Headers.

Find out whether your site sends the security headers that keep browsers from running into avoidable vulnerabilities.

HTTP Security Headers

Mitigate security vulnerabilities by implementing the necessary secure HTTP response headers on your web server, network device, etc.

Currently, it tests the following headers, most of which OWASP recommends.

  • HTTP Public Key Pinning (HPKP)
  • HTTP Strict Transport Security (HSTS)
  • X-XSS-Protection
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • Content Security Policy (CSP)
  • X-Content-Type-Options

You may refer to the HTTP header implementation guide to configure them in Nginx, Apache, IIS, CDN, etc.
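A check for the seven headers listed above can be reproduced offline against a captured response. The following is an added example, not the tool's own code: the function names, the value rules for HSTS, X-Frame-Options and X-Content-Type-Options, and the sample response are assumptions constructed for illustration.

```python
import re

# Response header name for each item in the list above.
CHECKED = {
    "HTTP Public Key Pinning (HPKP)": "public-key-pins",
    "HTTP Strict Transport Security (HSTS)": "strict-transport-security",
    "X-XSS-Protection": "x-xss-protection",
    "X-Frame-Options": "x-frame-options",
    "X-Permitted-Cross-Domain-Policies": "x-permitted-cross-domain-policies",
    "Content Security Policy (CSP)": "content-security-policy",
    "X-Content-Type-Options": "x-content-type-options",
}

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def value_problem(name, value):
    """Return a reason if a present header's value does not enable the protection."""
    v = value.lower()
    if name == "strict-transport-security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if not m:
            return "no max-age directive"
        if int(m.group(1)) == 0:
            return "max-age=0 removes the HSTS policy"
    if name == "x-content-type-options" and v != "nosniff":
        return "only 'nosniff' is defined"
    if name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "expected DENY or SAMEORIGIN"
    return None

def audit(raw):
    headers, report = parse_headers(raw), {}
    for label, name in CHECKED.items():
        values = headers.get(name)
        problem = value_problem(name, values[0]) if values else None
        report[label] = "missing" if not values else ("weak: " + problem if problem else "ok")
    return report

# Constructed sample response: header names in mixed case, HSTS present but disabled.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=0\r\nX-Frame-Options: SAMEORIGIN\r\n"
          "x-content-type-options: nosniff\r\nContent-Security-Policy: default-src 'self'\r\n"
          "\r\n<html></html>")
```

Calling `audit(SAMPLE)` reports HSTS as weak rather than ok, which a presence-only check would miss.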