HTTP Security Report


Check Your Status

Get an instant report of how your website measures up to the best practices.

Check connection encryption, content security, information disclosure and cookies. Compare your results with today's top sites.

Why HTTP Security?

Following HTTP security best practices is highly recommended as a part of a defense in depth strategy to secure web apps.

HTTP headers can be employed to restrict browsers' allowed actions. Correct usage helps reduce web app attack surface.


Fun Facts

  • The average HTTP Security Report score for the top 500 sites on the Internet is 28.
  • Content Security Policy (CSP) is used by 3.8% of the top websites. Only 0.8% use CSP without the unsafe attribute.
  • Internet Explorer's recent universal XSS attack was mitigated using CSP Level 2 or the X-Frame-Options header.
  • 0.6% of the top sites use the new HTTP Public Key Pinning (HPKP) header.
  • Compromised or misused certificate authorities can be guarded against with HPKP.

For more stats, check out the daily updated site survey.

Bookmarklet

Drag this button to your bookmarks bar to analyze any site you visit. Analyze HTTP Security

HTTP Security Report for https://httpsecurityreport.com/


Score

Followed redirects to

Protocol version -

Full HTTP headers

Class Description