Security Headers Analyzer - Free Online Tool | PivaBox

Analyze HTTP security headers for any URL — check CSP, HSTS, X-Frame-Options and more

How to Use Security Headers Analyzer

1. Enter a full URL (e.g. https://example.com) in the input field
2. Click Analyze Headers to make a HEAD request — the tool reads response headers and checks 7 critical security headers
3. Review the Security Score (0-100), see which headers are present with their values, and read recommendations for missing headers. Click Copy Report to copy a text summary.

Frequently Asked Questions

Is Security Headers Analyzer free?

Yes, PivaBox Security Headers Analyzer is completely free to use. All analysis runs in your browser via fetch().

Why do I get a CORS error?

Many websites block cross-origin requests for security reasons. The tool makes a client-side fetch() request, which requires the target site to allow CORS or the request to be same-origin. Try with your own website or a site you know allows CORS.

What do the security headers do?

The tool checks 7 critical headers: <strong>CSP</strong> prevents XSS by controlling resource loading, <strong>X-Frame-Options</strong> prevents clickjacking, <strong>X-Content-Type-Options</strong> prevents MIME sniffing, <strong>HSTS</strong> enforces HTTPS, <strong>Referrer-Policy</strong> controls referrer leakage, <strong>Permissions-Policy</strong> restricts browser APIs, and <strong>X-XSS-Protection</strong> is a legacy XSS filter.