Modern browsers rely on specific headers to protect users. This audit checks for the presence of X-Frame-Options, Content-Security-Policy, and HSTS to ensure your website follows security best practices.
Ready to scan...
At a minimum, you should have HSTS (for HTTPS), X-Frame-Options (anti-clickjacking), and X-Content-Type-Options.
No, this is an audit tool. You need to configure your web server (Nginx, Apache) or application code to send these headers.