Security Header Analysis
Powered by HTTP Security Headers Scanner
Check your website's HTTP security headers including Content-Security-Policy, HSTS, X-Frame-Options, and cookie security flags.
What You Get
HTTP Security Headers Scanner is fully integrated into Metric Tower's scanning engine. Launch it alongside 74 other modules, or run it on its own.
- CSP policy analysis
- HSTS enforcement check
- X-Frame-Options validation
- Cookie security flags
- CORS misconfiguration detection
Part of a 75-Module Platform
Metric Tower runs 75+ scanner modules through a six-phase pipeline. HTTP Security Headers Scanner runs as one module in this pipeline. Its results feed into downstream scanners automatically.
75+
Scanner Modules
6
Scan Phases
5
Export Formats
9
Ticketing Integrations
How It Works
Metric Tower runs HTTP Security Headers Scanner as one of 75+ integrated modules.
Add Your Target
Enter a domain, IP address, or URL. MetricTower validates the target and sets up the scan workspace.
Select Modules & Launch
Choose HTTP Security Headers Scanner along with any combination of other modules. The pipeline handles dependencies and execution order.
Review Findings
View real-time results as the scan progresses. Triage findings, export reports in 5 formats, and route alerts to your team.
Compliance Alignment
Helps meet OWASP Top 10 A05:2021 (Security Misconfiguration) and PCI DSS 6.5.10.
Metric Tower is a security scanning tool -- it helps you meet compliance requirements but does not provide compliance certifications.
View all compliance mappings56+
Scanner Modules
6
Scan Phases
Real-Time
Results via WebSocket
SARIF
Export + 4 More Formats
Start Scanning with HTTP Security Headers Scanner
Free tier available -- no credit card required.