Enter one or more URLs to audit their HTTP security posture: Content-Security-Policy, HSTS,
X-Frame-Options, cookie flags and more. Get a tailored CSP, copy-paste fix snippets for
Nginx/Apache/Express/Cloudflare/CloudFront, and an exportable IaC policy. For background, see
MDN's CSP guide.
NEW
Export fixes as Infrastructure-as-Code. Every report now includes a ready-to-apply
AWS CloudFront Response Headers Policy for Terraform, OpenTofu,
CloudFormation, Pulumi and the AWS SDK (boto3).
Analyze Your Security Headers — Enter URLs Below
AWS CLOUDFRONT
Get a ready-to-apply CloudFront Response Headers Policy
No origin or Lambda@Edge changes needed — CloudFront applies the headers at the edge.
Every report tailors this policy to the exact headers your site is missing.
Content-Security-Policy tailored to your site's actual scripts/styles/frames
HSTS with includeSubDomains + preload
X-Frame-Options, Referrer-Policy and the rest of the OWASP baseline
Also exported as Terraform, OpenTofu, CloudFormation, Pulumi and boto3