SecLens

Full HTTP security header audit — CSP, HSTS, CORS, SRI, and 15+ checks with live DevTools panel

SecLens audits the HTTP security headers of any website you visit — instantly, in your browser. Open the popup for a quick summary, or the DevTools panel (F12 → SecLens) for a full real-time breakdown as the page loads. Checks include: - Content Security Policy (CSP) — parsed and evaluated using Google's csp-evaluator library - HSTS — max-age, includeSubDomains, preload - CORS misconfiguration detection - Subresource Integrity (SRI) — grouped by registered domain - X-Content-Type-Options, X-Frame-Options - Referrer-Policy, Permissions-Policy - COOP, COEP, CORP - Cache-Control on API responses - Tech stack info disclosure (Server header) - Report-Only CSP detection - Multiple conflicting CSP headers Built for developers and security engineers who want instant visibility into a site's header posture without opening Burp or running a separate scanner. No data leaves your browser. No accounts. No tracking.