Analyse the security posture of any website by inspecting its HTTP response headers
Strict-Transport-Security | Critical | Enforces HTTPS — prevents protocol downgrade and cookie hijacking attacks
Content-Security-Policy | Critical | Controls resource loading — primary defence against XSS attacks
X-Frame-Options | High | Prevents clickjacking by blocking iframe embedding from other origins
X-Content-Type-Options | Medium | Stops MIME-type sniffing — prevents content type confusion attacks
Referrer-Policy | Medium | Controls referrer data sent with requests — protects user privacy
Permissions-Policy | Medium | Restricts access to browser APIs like camera, microphone and geolocation
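
An added example (not this tool's own code) of the inspection described above: it checks one response's headers for the six listed here and flags any that are missing or set to a value that defeats them. The value rules (a `max-age` of 0, `'unsafe-inline'` without a nonce or hash, and so on) and the names `weak_reason`, `audit` and `SAMPLE` are assumptions of this example; the sample headers are constructed.

```python
import re
SEVERITY = {  # severity labels as given on this page
    "strict-transport-security": "Critical", "content-security-policy": "Critical",
    "x-frame-options": "High", "x-content-type-options": "Medium",
    "referrer-policy": "Medium", "permissions-policy": "Medium",
}

def weak_reason(name, value):
    """Why a present header is ineffective, or None. The value rules are assumptions."""
    v = value.strip().lower()
    if name == "strict-transport-security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if not m or int(m.group(1)) == 0:
            return "max-age missing or 0, so HSTS is off"
    elif name == "content-security-policy":
        directives = {}
        for part in v.split(";"):
            if part.split():  # first occurrence of a directive wins
                directives.setdefault(part.split()[0], part.split()[1:])
        src = directives.get("script-src", directives.get("default-src"))
        if src is None:
            return "no script-src or default-src, scripts unrestricted"
        if "'unsafe-inline'" in src and not any(s.startswith(("'nonce-", "'sha")) for s in src):
            return "'unsafe-inline' permits injected inline script"
    elif name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "value is not DENY or SAMEORIGIN"
    elif name == "x-content-type-options" and v != "nosniff":
        return "value is not nosniff"
    elif name == "referrer-policy" and v.split(",")[-1].strip() == "unsafe-url":
        return "unsafe-url sends the full URL to every origin"
    return None

def audit(headers):
    """Return (severity, header, problem) findings for one response, worst first."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name, sev in SEVERITY.items():
        problem = "missing" if name not in got else weak_reason(name, got[name])
        if problem:
            findings.append((sev, name, problem))
    return sorted(findings, key=lambda f: ["Critical", "High", "Medium"].index(f[0]))

SAMPLE = {  # constructed response headers, not captured from a real site
    "Strict-Transport-Security": "max-age=0",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
```

Calling `audit(SAMPLE)` reports four findings: three headers that are present but ineffective, and `permissions-policy` as missing.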