Website Security Header Checker
Mozilla Observatory-grade scoring for HTTP headers and TLS — instant, free
Test any public website's HTTP security posture in seconds. SecOSS checks for Content Security Policy, HTTP Strict Transport Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — then grades your site A through F based on Mozilla Observatory standards. TLS certificate validity and HTTPS redirect are checked automatically.
How to use
- 1Enter any public URL (e.g. https://example.com). The site must be publicly reachable.
- 2SecOSS sends a request and inspects all security-relevant HTTP response headers.
- 3Each header is rated pass, warn, or fail with a plain-English explanation and a recommended fix.
- 4Your site gets an overall score (0–100) and letter grade — share the results with your team or clients.
Scan method
Enter any public website URL. SecOSS checks HTTP security headers, TLS certificate validity, and HTTPS configuration using Mozilla Observatory.
Try:
What we check
- ✓ Content Security Policy
- ✓ Strict Transport Security
- ✓ X-Frame-Options
- ✓ X-Content-Type-Options
- ✓ Referrer Policy
- ✓ Cookie Security flags
- ✓ TLS certificate validity
- ✓ HTTPS redirect (HTTP→HTTPS)