Interconnekt
Free Tool

Are your security headers missing?

A handful of HTTP response headers do a lot of quiet work - forcing HTTPS, blocking injected scripts, and stopping your site being framed for clickjacking. Check yours and get a plain-English grade.

Beyond the check

We'll set your security headers correctly and keep them that way.

Book a consultTalk to us

We fetch the page once from our server and read only its response headers. We don’t log in, submit anything, or store the result.

Your results will appear here

Enter a URL and run the check to see your grade and a card-by-card breakdown of every security header.

What we check

The response headers that quietly harden your site.

Transport

HSTS forces browsers onto HTTPS so a visitor's connection can't be quietly downgraded and intercepted.

Injection & isolation

Content-Security-Policy, X-Content-Type-Options, clickjacking protection and cross-origin isolation (COOP) stop hostile scripts and embedding.

Privacy, cookies & disclosure

Referrer-Policy, Permissions-Policy, cookie flags (Secure, HttpOnly, SameSite) and leaky Server headers control what your site exposes.