clover.com
HTTP Security Headers Checker
Check for Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and other critical security headers.
Last checked: Mar 19, 2026, 01:00 AM UTC
Scan Results
Security Headers Score: 0/100 (Grade F)
- Critical: 0
- High: 13
- Medium: 2
- Passed: 2
Common Security Headers Issues
- No Content-Security-Policy header
- Missing X-Frame-Options (clickjacking risk)
- No X-Content-Type-Options: nosniff
- Overly permissive CORS headers
- Missing Referrer-Policy
What This Check Covers
HTTP security headers are directives sent by the server that instruct browsers how to handle content. Missing headers are one of the most common — and easiest to fix — web security vulnerabilities. Tools like securityheaders.com and ShipSafer check for their presence and correct configuration.
- Content-Security-Policy (CSP)
- X-Frame-Options (clickjacking protection)
- X-Content-Type-Options: nosniff
- Referrer-Policy
- Permissions-Policy
- Strict-Transport-Security (HSTS)
- Cross-Origin Resource Policy (CORP)
Why it matters
Missing security headers leave a site exposed to a wide range of attacks: clickjacking, XSS, MIME-type sniffing, and information leakage. They take minutes to add and can prevent entire vulnerability classes.