Security Checks

Educational, actionable checks backed by scan data.

HSTS Check

Verify HTTP Strict Transport Security (HSTS) is enabled.

CSP Check

Check Content Security Policy (CSP) coverage and common pitfalls.

Security Headers Check

Validate a baseline set of modern security headers.

HTTPS Redirect Check

Confirm HTTP requests redirect to HTTPS consistently.

Mixed Content Check

Detect HTTP subresources loaded on an HTTPS page.

Cookie Flags Check

Check cookies for Secure, HttpOnly, and SameSite flags.

Clickjacking Protection Check

Verify X-Frame-Options / frame-ancestors configuration.

MIME Sniffing Protection Check

Verify X-Content-Type-Options: nosniff is set.

Referrer Policy Check

Ensure referrer information is not over-shared.

Permissions Policy Check

Audit browser feature permissions (camera, microphone, etc.).