Security Hardening Recommendations

HTTP headers checker

Inspect response headers and get practical guidance for security posture. Ideal for validating HSTS, CSP, and basic anti-mime sniffing protections.

Security headers
HSTS, CSP, XFO, XCTO and more
Misconfig checks
Spot missing or risky defaults quickly
Shareable output
Readable results for tickets and audits

Inspect headers

Enter a URL or domain. We’ll evaluate common security headers and show what’s missing.

Tip: test both http and https if you suspect redirects or mixed policy.

Results

Live response headers and security score.


Recommendations

Low-risk improvements that move the needle.

Add HSTS
Start small (e.g. 1 day), verify, then increase max-age. Only enable if HTTPS is enforced.
Tighten CSP
Avoid unsafe-inline where possible and keep third-party origins minimal.
Permissions Policy
Disable features your site doesn’t need (camera, mic) and explicitly allow what you do.

FAQ

Quick answers to common questions.

Can headers break a site?
A strict CSP can if it’s not tested. Start in report-only mode, then tighten iteratively.
Do I need all headers?
Not all. Aim for a sensible baseline and align with how your site actually works.
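The checks behind the recommendations and FAQ above (one-day starting HSTS max-age, no 'unsafe-inline', report-only CSP as a first step, XCTO, XFO, Permissions-Policy), as an added example that is not the checker's own code. The header dict and thresholds are constructed for illustration and are assumptions, not values from this page.

```python
import re

ONE_DAY = 86400  # the "start small" HSTS max-age suggested above

def check_headers(headers):
    """Return (header, severity, finding) tuples for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    # HSTS: missing, lacking max-age, or max-age shorter than the one-day starting point
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("Strict-Transport-Security", "missing", "add once HTTPS is enforced; start with max-age=86400"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m:
            findings.append(("Strict-Transport-Security", "risky", "no max-age directive"))
        elif int(m.group(1)) < ONE_DAY:
            findings.append(("Strict-Transport-Security", "low", f"max-age {m.group(1)} is below one day"))

    # CSP: an enforced policy is the goal; report-only is the safe first step from the FAQ
    csp = h.get("content-security-policy")
    report_only = h.get("content-security-policy-report-only")
    policy = csp if csp is not None else report_only
    if policy is None:
        findings.append(("Content-Security-Policy", "missing", "start with Content-Security-Policy-Report-Only"))
    else:
        if "'unsafe-inline'" in policy:
            findings.append(("Content-Security-Policy", "risky", "'unsafe-inline' weakens script/style restrictions"))
        if csp is None:
            findings.append(("Content-Security-Policy", "info", "policy is report-only; tighten, then enforce"))

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "missing", "set to nosniff"))

    # Clickjacking defence: either X-Frame-Options or a CSP frame-ancestors directive
    if "x-frame-options" not in h and "frame-ancestors" not in (csp or ""):
        findings.append(("X-Frame-Options", "missing", "set DENY/SAMEORIGIN or CSP frame-ancestors"))

    if "permissions-policy" not in h:
        findings.append(("Permissions-Policy", "missing", "disable unused features, e.g. camera=(), microphone=()"))
    return findings

# Constructed sample (not a real response): a site with partial hardening.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}
```

Run against SAMPLE_HEADERS, check_headers returns four findings: a short HSTS max-age, 'unsafe-inline' in the CSP, and missing X-Frame-Options and Permissions-Policy.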

Want your headers hardened properly?

We can implement secure headers and CSP in a way that’s tested, monitored, and compatible with your real-world stack.

Measured changes. No surprises. Clear outcomes.