XowiaScan
Security Header Analyzer

Recon & Discovery

Fetch a URL and grade its HTTP security headers with concrete, prioritized fixes.

What is Security Header Analyzer?

Security Header Analyzer requests a URL and evaluates the response headers that protect users — then assigns a clear grade and explains what is missing and why it matters.

It turns the often-overlooked header layer into an actionable checklist, ideal for quick hardening reviews and client reports.

Headers it grades

  • Strict-Transport-Security (HSTS) — enforced HTTPS and preload readiness.
  • Content-Security-Policy — presence and obvious weaknesses like unsafe-inline.
  • X-Frame-Options / frame-ancestors — clickjacking protection.
  • X-Content-Type-Options — MIME-sniffing protection.
  • Referrer-Policy & Permissions-Policy — privacy and feature lockdown.
  • Overall grade — a single score plus a per-header fix list.
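
The checks listed above, as an added example in Python that is not XowiaScan's own implementation. The point weights, grade cut-offs, the function name grade_headers and the SAMPLE headers are assumptions constructed for illustration.

```python
import re

# Constructed sample response headers (assumption: not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin"}

def grade_headers(raw):
    """Return (score, letter, fixes). Point weights and cut-offs are assumptions."""
    h = {k.lower(): v.strip().lower() for k, v in raw.items()}
    score, fixes = 0, []
    # HSTS: full marks only when preload-ready (1 year, includeSubDomains, preload).
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts)
    age = int(m.group(1)) if m else 0
    if age >= 31536000 and {"includesubdomains", "preload"} <= {d.strip() for d in hsts.split(";")}:
        score += 25
    elif age > 0:
        score += 15
        fixes.append("HSTS: max-age>=31536000 with includeSubDomains and preload")
    else:
        fixes.append("HSTS: add Strict-Transport-Security")

    # CSP: presence, then the obvious weakness the page names ('unsafe-inline').
    csp = h.get("content-security-policy", "")
    if csp and "'unsafe-inline'" not in csp:
        score += 25
    elif csp:
        score += 10
        fixes.append("CSP: replace 'unsafe-inline' with nonces or hashes")
    else:
        fixes.append("CSP: add Content-Security-Policy")

    # Clickjacking: CSP frame-ancestors or X-Frame-Options (presence only).
    if "frame-ancestors" in csp or h.get("x-frame-options") in ("deny", "sameorigin"):
        score += 15
    else:
        fixes.append("Framing: set frame-ancestors or X-Frame-Options")
    # Remaining headers: nosniff must match exactly; the policies must be present.
    for name, pts, ok in (("x-content-type-options", 15, lambda v: v == "nosniff"),
                          ("referrer-policy", 10, bool), ("permissions-policy", 10, bool)):
        if ok(h.get(name, "")):
            score += pts
        else:
            fixes.append(f"{name}: missing or invalid")
    letter = next(g for floor, g in ((90, "A"), (75, "B"), (60, "C"), (40, "D"), (0, "F")) if score >= floor)
    return score, letter, fixes
```

Calling grade_headers(SAMPLE) scores the constructed headers and returns the fix list. The frame-ancestors check looks only for the directive's presence and does not evaluate its source list.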

Where it fits in your workflow

  • Fast hardening pass for a site or a portfolio of hosts.
  • Generate header recommendations for a remediation report.

Use Security Header Analyzer

Run it from your dashboard.

At a glance

Category: Recon & Discovery
Runs: Server-side
Token cost: 3 / run (free tier)
Access: Free
Status: Live

Frequently asked questions

How is this different from the CSP Analyzer?

This grades the full set of security headers at a high level. The CSP / CORS Analyzer drills specifically into Content-Security-Policy and cross-origin exposure.
