Secure Headers Analyzer
Paste an HTTP response and get a graded breakdown of its security headers, cookie flags, and cross-origin policy, checked against OWASP, RFC 6797, CSP Level 3, and RFC 6265bis.
Analysis runs locally in your browser. Nothing is sent anywhere.
References
- OWASP Secure Headers Project
- MDN - HTTP headers reference
- RFC 6797 - HTTP Strict Transport Security (HSTS)
- Content Security Policy Level 3 (W3C)
- draft-ietf-httpbis-rfc6265bis - HTTP State Management (Cookies)
- RFC 7034 - HTTP Header Field X-Frame-Options
- Referrer Policy (W3C)
- Permissions Policy (W3C)
- HTML Standard (WHATWG) - Cross-Origin-Opener-Policy
- Fetch Standard (WHATWG)