
How to Check Website Security Headers in One API Call
Most websites are missing critical security headers. Here is how to check.

The 10 Security Headers

- Strict-Transport-Security (HSTS) — force HTTPS
- Content-Security-Policy (CSP) — prevent XSS
- X-Content-Type-Options — prevent MIME sniffing
- X-Frame-Options — prevent clickjacking
- X-XSS-Protection — legacy XSS filter
- Referrer-Policy — control referrer info
- Permissions-Policy — restrict browser features
- Cross-Origin-Opener-Policy — isolate browsing context
- Cross-Origin-Resource-Policy — control resource loading
- Cross-Origin-Embedder-Policy — require CORS

Quick Check in Node.js

    const response = await fetch(url, { method: "HEAD" });
    const SECURITY_HEADERS = ["strict-transport-security", "content-security-policy", ...];
    const present = SECURITY_HEADERS.filter(h => response.headers.has(h));
    const score = Math.round(present.length / SECURITY_HEADERS.length * 100);

Real World Scores

- Stripe.com: 60% (6/10 headers)
- Google.com: 70% (7/10)
- GitHub.com: 80% (8/10)

I bu
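The check above, written out as a complete, offline-runnable example (added here; not code from the original article). It scores a headers object the way the article's snippet does, accepts either a fetch() Headers instance or a plain object, and keeps a live HEAD helper that follows redirects; the sample headers are constructed, not captured from any site.

```javascript
const SECURITY_HEADERS = [
  "strict-transport-security",
  "content-security-policy",
  "x-content-type-options",
  "x-frame-options",
  "x-xss-protection",
  "referrer-policy",
  "permissions-policy",
  "cross-origin-opener-policy",
  "cross-origin-resource-policy",
  "cross-origin-embedder-policy",
];

// Accepts a fetch() Headers instance or a plain { name: value } object; header names are case-insensitive.
function normalizeHeaders(headers) {
  const out = new Map();
  const entries = typeof headers.entries === "function" ? headers.entries() : Object.entries(headers);
  for (const [name, value] of entries) out.set(name.toLowerCase(), value);
  return out;
}

// Returns { score, present, missing }; score is the article's metric:
// percentage of the 10 headers that are set, rounded to a whole number.
function scoreSecurityHeaders(headers) {
  const h = normalizeHeaders(headers);
  const present = SECURITY_HEADERS.filter((name) => h.has(name));
  const missing = SECURITY_HEADERS.filter((name) => !h.has(name));
  const score = Math.round((present.length / SECURITY_HEADERS.length) * 100);
  return { score, present, missing };
}

// Live check as in the article. Following redirects matters: an http:// URL
// that redirects to https:// only carries the headers on the final response.
async function checkUrl(url) {
  const response = await fetch(url, { method: "HEAD", redirect: "follow" });
  return { url: response.url, status: response.status, ...scoreSecurityHeaders(response.headers) };
}

// Constructed sample response headers for an offline run (not from a real site).
const SAMPLE_HEADERS = {
  "Content-Type": "text/html",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Content-Security-Policy": "default-src 'self'",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Permissions-Policy": "camera=(), microphone=()",
};
```

Presence is all this score measures: a Content-Security-Policy of `default-src *` earns the same point as a strict one, so treat the number as a coverage check, not a policy audit. Some servers also omit headers on HEAD responses, in which case a GET fallback gives the truer picture.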
Continue reading on Dev.to Webdev