Paste HTTP response headers and review HSTS, CSP, nosniff, referrer, permissions and frame controls.
This checklist turns pasted response headers into a compact review of common browser-side protections. It is useful after a deployment, CDN change or server configuration update.
What gets scored
The checklist reviews HSTS age, Content-Security-Policy structure, unsafe CSP directives, nosniff, Referrer-Policy, Permissions-Policy, frame protection, Cross-Origin-Opener-Policy and exposed implementation headers. The score is a triage signal, not a final security grade.
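The checks listed above, written out as an added Python example; this is not the page's own code. The one-year HSTS threshold, the `Server`/`X-Powered-By` list and the check names are assumptions the page does not state, and the sample headers are constructed.

```python
import re

MIN_HSTS_AGE = 31536000  # assumed one-year threshold; the page states no number
EXPOSED = ("server", "x-powered-by")  # assumed "implementation headers"

def parse_headers(text):  # pasted headers -> dict keyed by lower-cased name
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if not sep or not name:  # status line, blank line, HTTP/2 pseudo-header
            continue
        key = name.strip().lower()
        headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return headers

def review(text):
    """Return {check: passed} for the items listed under "What gets scored"."""
    h = parse_headers(text)
    directives = {}
    for part in re.split(r"[;,]", h.get("content-security-policy", "")):
        tokens = part.lower().split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])
    used = {t for values in directives.values() for t in values}
    age = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""), re.I)
    xfo = h.get("x-frame-options", "").upper()
    return {
        "hsts_age": bool(age) and int(age.group(1)) >= MIN_HSTS_AGE,
        "csp_structure": "default-src" in directives or "script-src" in directives,
        "csp_no_unsafe": bool(directives) and not used & {"'unsafe-inline'", "'unsafe-eval'"},
        "nosniff": h.get("x-content-type-options", "").lower() == "nosniff",
        "referrer_policy": "referrer-policy" in h,
        "permissions_policy": "permissions-policy" in h,
        "frame_protection": "frame-ancestors" in directives or xfo in ("DENY", "SAMEORIGIN"),
        "coop": "cross-origin-opener-policy" in h,
        "no_exposed_impl": not any(k in h for k in EXPOSED),
    }

def score(results):
    return round(100 * sum(results.values()) / len(results))  # triage signal only

# Constructed sample shaped like `curl -I` output
SAMPLE = """HTTP/2 200
strict-transport-security: max-age=300
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: nginx
"""
print(score(review(SAMPLE)), review(SAMPLE))
```

In the sample, the short HSTS max-age, the `'unsafe-inline'` source, the missing Permissions-Policy and Cross-Origin-Opener-Policy headers and the `server` header are the items flagged for review.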
Scope
The page does not request your site or scan a server. Paste headers from your browser dev tools, curl output or monitoring logs.