Enter a site URL and press Fetch (server proxy required at /api/headers), or switch to Paste to paste raw response headers. The tool analyzes common security headers (CSP, HSTS, X-Frame-Options, etc.) and provides suggestions and a simple grade.