Processed in your browser. Your data never leaves your device.
Security Headers Generator
Generate and analyze HTTP security headers for Nginx, Apache, Vercel, Netlify, and Cloudflare. Visual builder with presets and security scoring.
Strict-Transport-Security (HSTS)
X-Content-Type-Options
Always set to nosniff — no configuration needed.
X-Frame-Options
Referrer-Policy
Permissions-Policy
Camera
Microphone
Geolocation
Payment
USB
Gyroscope
Magnetometer
Accelerometer
Autoplay
Fullscreen
Content-Security-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Embedder-Policy
Cross-Origin-Resource-Policy
X-XSS-Protection
Set to 0 to disable the legacy XSS auditor (modern best practice). Use CSP instead.
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
Security Score
C6 headers enabled68/100
ℹ X-Frame-Options: DENY — page cannot be embedded in any iframe
⚠ Content-Security-Policy not set — no protection against XSS and injection attacks. Use the CSP Header Builder for detailed configuration.
Output Format
Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY Referrer-Policy: strict-origin-when-cross-origin Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), gyroscope=(), magnetometer=(), accelerometer=(), autoplay=(), fullscreen=(self) X-XSS-Protection: 0
6
Headers
C
Grade
347
Bytes