Security header grade
A letter grade based on the presence of HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Free HTTP Header Checker
Enter a URL to see its HTTP response headers and get a security grade based on the presence of HSTS, CSP, X-Frame-Options, and other hardening headers.
Check HTTP headers
Enter a URL (or domain). NorthDuty requests it and reports the response headers and a security-header grade.
Free check. No signup, nothing stored.
How NorthDuty security header monitoring works
Enter a URL (or domain). NorthDuty requests it and reports the response headers and a security-header grade. Recurring checks are configured inside the NorthDuty app.
What this header checker reports
A single request shows the response headers and grades the most important security headers.
Which headers are missing
A clear present/missing breakdown so you know exactly which hardening headers to add.
Response status
The final HTTP status after redirects, so you can confirm the URL resolves the way you expect.
Notable headers
Server, Content-Type, Cache-Control, and X-Powered-By — useful context for debugging and fingerprinting risk.
Why check HTTP headers
Security headers are cheap to add and meaningfully reduce clickjacking, MIME-sniffing, and downgrade attacks — but they're easy to forget.
- See whether HSTS is forcing HTTPS
- Confirm a Content-Security-Policy is in place
- Check clickjacking protection via X-Frame-Options
- Verify X-Content-Type-Options stops MIME sniffing
- Spot information-leaking headers like X-Powered-By
How the header checker works
No signup — enter a URL and get the headers and grade back.
1
Enter a URL
Provide a full URL or just a domain; NorthDuty defaults to HTTPS.
2
We request the page
NorthDuty makes a GET request and reads the response headers, following redirects safely.
3
You get a graded report
Security headers are scored A-F with a present/missing list — nothing is stored.
4
Keep headers in check
NorthDuty's health checks include security-header scoring, so regressions are caught on a schedule.
Go Beyond One-Off Checks
Use the tool preview for a quick answer, then move into recurring monitoring for your most important pages and journeys.
Feature
Website Monitoring
What website monitoring is and how it works: NorthDuty combines default 5-minute health checks, screenshot-based UI diffs, and editable user journey monitoring in one project.
Explore Website MonitoringFeature
Uptime Monitoring
Monitor uptime every 5 minutes by default with HTTP, SSL, DNS, blank-page detection, broken resources, JavaScript errors, and API call tracking.
Explore Uptime MonitoringArticle
Website Monitoring Checklist
Use this website monitoring checklist to decide which pages, signals, journeys, and alerts your team should monitor first.
Read Website Monitoring ChecklistPricing
Pricing
NorthDuty pricing for website monitoring: a free plan through $29/mo Starter, Pro, and Business — covering uptime, visual change detection, and user journeys.
Compare pricing plansFrequently Asked Questions
Answers about this diagnostic preview and when to move into recurring monitoring.
Is this header checker free?
Yes. It's free and requires no signup. Enter a URL and you get the response headers and a security grade.
How is the security grade calculated?
It scores the presence of six key headers — HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — and maps the count to an A-F grade.
Does a perfect grade mean my site is secure?
No. Headers are one layer. A high grade means good baseline hardening, but real security depends on many other factors.
Does it follow redirects?
Yes. It follows redirects safely and reports the headers and status of the final response.
Call To Action
Start monitoring your website with NorthDuty today.
Security headers can disappear in a single deploy. NorthDuty scores them continuously, so a missing CSP or HSTS gets flagged fast.
Start on the free plan — add your base URL and monitoring starts in minutes.