Are your security headers enough?

Without HSTS, CSP, X-Frame-Options and friends, your site is open to XSS, clickjacking and mixed-content attacks. Run 12 critical header checks in one click.

Only response headers are read; page content isn't stored.