SSL & Security Headers Audit
Enter a URL to instantly audit your site's HTTPS status and whether key security headers like HSTS, CSP and X-Frame-Options are present.
What is the SSL & Security Headers Audit?
Security headers are HTTP headers your server sends with every response that tell the browser how to protect your site. This tool checks whether your site uses HTTPS and whether key security headers like HSTS, CSP and X-Frame-Options are present, listing what's missing. A secure site improves both visitor trust and SEO.
How to use it
1. Enter the address of the site you want to audit.
2. Press 'Check'; the HTTPS status and header score appear instantly.
3. Add the missing (red) headers to your server to improve security.
Frequently asked questions
Do security headers affect SEO?
HTTPS is a direct ranking signal. The other security headers are not direct ranking factors, but a secure, trustworthy site improves user trust and avoids browser warnings.
How do I add these headers?
Headers are added in your server config: 'add_header' in Nginx, 'Header set' in Apache, or your app's header settings (e.g. Next.js next.config). For each missing header, add the corresponding rule.
Do I have to add all of them?
No, but the four marked 'important' (HSTS, CSP, X-Frame-Options, X-Content-Type-Options) give a strong baseline. CSP is the strongest protection but needs careful configuration.
I have HTTPS but HSTS is missing — is that a problem?
HTTPS is a sufficient start; HSTS adds protection by forcing the browser to always use HTTPS. Adding it is recommended, but first make sure HTTPS works smoothly on all pages.
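
The check described above can be sketched as follows. This is an added example, not this tool's own code: it goes one step beyond presence and also flags values that leave a header ineffective. The function name, sample URLs and sample headers are constructed for illustration.

```python
import re

# The four headers the page marks as 'important'.
IMPORTANT = ("strict-transport-security", "content-security-policy",
             "x-frame-options", "x-content-type-options")

def audit(url, headers):
    """Return findings for one response; an empty list means the baseline is met."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    https = url.lower().startswith("https://")
    if not https:
        findings.append("site is not served over HTTPS")
    for name in IMPORTANT:
        if name not in h:
            findings.append(f"missing {name}")
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not https:
            findings.append("HSTS sent over HTTP is ignored by browsers")
        elif m is None or int(m.group(1)) == 0:
            findings.append("HSTS max-age is missing or 0, so no policy is stored")
    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append("x-content-type-options must be 'nosniff'")
    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options should be DENY or SAMEORIGIN")
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLE_GOOD = ("https://example.test/", {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
})
SAMPLE_WEAK = ("https://example.test/", {
    "Strict-Transport-Security": "max-age=0",
    "X-Content-Type-Options": "sniff",
})

if __name__ == "__main__":
    for url, hdrs in (SAMPLE_GOOD, SAMPLE_WEAK):
        print(url, audit(url, hdrs) or "baseline met")
```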