Security headers scorecard

Enter any URL. Get an OWASP-aligned letter grade for its HTTP security headers, plus a per-header explanation and recommendation.

Security headers are the browser-level defenses your server hands out on every response. This scanner fetches a URL, reads its HTTP security headers — HSTS, CSP, Referrer-Policy, Permissions-Policy, and the cross-origin isolation trio — and grades each one against OWASP-aligned recommendations. Use it as a quick sanity check before a release, or to compare your site against a competitor's.

We send a HEAD (then GET if needed) from our server with a 5-second timeout. No cookies, no auth.

Scoring is opinionated and OWASP-aligned. A perfect score doesn't mean perfect security — it means baseline hygiene.
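As an added example (not this scanner's own code), the sketch below grades a set of response headers covering the headers listed above. The weights, thresholds, letter cut-offs and the `SAMPLE` headers are assumptions constructed for illustration, not the scanner's actual rubric.

```python
import re

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Cross-Origin-Opener-Policy": "same-origin",
}

def _hsts(v):
    m = re.search(r"max-age\s*=\s*\"?(\d+)", v, re.I)
    if not m:
        return 0.0, "no max-age directive"
    # Assumed threshold: one year, in seconds.
    return (1.0, "ok") if int(m.group(1)) >= 31536000 else (0.5, "max-age under one year")

def _csp(v):
    if re.search(r"'unsafe-(inline|eval)'", v, re.I):
        return 0.5, "allows unsafe-inline or unsafe-eval"
    return 1.0, "ok"

def _one_of(*allowed):
    def check(v):
        ok = v.strip().lower() in allowed
        return (1.0, "ok") if ok else (0.5, "value weaker than " + "/".join(allowed))
    return check

# (header, weight, checker). Weights are assumptions and sum to 100.
RULES = [
    ("strict-transport-security", 24, _hsts),
    ("content-security-policy", 30, _csp),
    ("referrer-policy", 10, _one_of("no-referrer", "same-origin", "strict-origin",
                                    "strict-origin-when-cross-origin")),
    ("permissions-policy", 10, lambda v: (1.0, "ok")),  # presence-only check
    ("cross-origin-opener-policy", 10, _one_of("same-origin")),
    ("cross-origin-embedder-policy", 10, _one_of("require-corp", "credentialless")),
    ("cross-origin-resource-policy", 6, _one_of("same-origin", "same-site")),
]

def grade_headers(headers):
    """Return (score 0-100, letter, {header: finding}) for a header mapping."""
    seen = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    score, findings = 0.0, {}
    for name, weight, check in RULES:
        factor, note = check(seen[name]) if name in seen else (0.0, "missing")
        score += weight * factor
        findings[name] = note
    cutoffs = [(90, "A"), (75, "B"), (60, "C"), (40, "D"), (0, "F")]  # assumed cut-offs
    return int(score), next(l for floor, l in cutoffs if score >= floor), findings
```

A weak-but-present header earns half credit here, so a site that sets every header loosely still scores below one that sets fewer headers strictly.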
