HTTP Security Header Checker

Check if a web page has the recommended HTTP Security Headers based on OWASP guidelines.

Instantly validate your website's HTTP security headers against OWASP recommendations HTTP Security Header Checker is a developer-focused Chrome extension that helps you quickly verify whether a web page includes the recommended HTTP security headers based on the latest OWASP (Open Web Application Security Project) guidelines. Key Features ✓ Real-time Header Analysis - Click the extension icon to instantly check the current page's security headers ✓ OWASP Compliance - Validates against industry-standard security header recommendations ✓ Visual Indicators - Green checkmarks for present headers, red X for missing ones ✓ Direct Documentation Links - Each header links to the official OWASP documentation ✓ Technology Detection - Warns when Server headers reveal your technology stack ✓ Clean, Simple Interface - No configuration needed, works immediately This extension validates the following security headers: • Content-Security-Policy - Prevents XSS, clickjacking, and other code injection attacks • Strict-Transport-Security - Enforces secure HTTPS connections • X-Content-Type-Options - Prevents MIME type sniffing • X-Frame-Options - Protects against clickjacking attacks • X-XSS-Protection - Enables browser's XSS filter • Referrer-Policy - Controls referrer information sent with requests • Permissions-Policy - Controls which browser features can be used Perfect For - Web Developers ensuring their sites follow security best practices - Security Professionals performing quick header audits - DevOps Engineers validating security configurations - QA Testers checking security header implementation - Students learning about web security Educational Tool Each header includes a direct link to the OWASP HTTP Headers Cheat Sheet, making this extension both a validation tool and a learning resource. Click any header's documentation link to understand why it's important and how to implement it correctly. Privacy Focused - No data collection or tracking - Works entirely locally in your browser - Only reads headers from the current tab when you click the extension - Open source and transparent How to Use 1. Navigate to any website 2. Click the HTTP Security Header Checker extension icon 3. View instant results showing which security headers are present or missing 4. Click the documentation links to learn more about each header Built with Modern Standards This extension follows Chrome's Manifest V3 requirements, ensuring compatibility with the latest browser security and performance standards. Open Source This extension is open source and available on GitHub. Contributions and feedback are welcome! Learn More For more information about HTTP security headers and web security best practices, visit the OWASP Secure Headers Project: https://owasp.org/www-project-secure-headers