~/tools / security-headers

Security Headers Checker

Scan HTTP security headers. Grades HSTS, CSP, X-Frame-Options and others, with explanations of what each header protects.

[ CRITICAL ] Weak security posture (0/100) — missing: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy

── output ─────

0

security_score

HTTP 200 · https://leclerc.com

Strict-Transport-Security (HSTS)

[ MISSING ]

// Forces HTTPS for all connections. Prevents downgrade attacks.

// missing — add this header to improve security

Content-Security-Policy (CSP)

[ MISSING ]

// Defines which sources of scripts/styles/images are allowed. Prevents XSS.

// missing — add this header to improve security

X-Frame-Options

[ MISSING ]

// Prevents clickjacking by blocking iframe embedding from other origins.

// missing — add this header to improve security

X-Content-Type-Options

[ MISSING ]

// Prevents MIME sniffing. Should be 'nosniff'.

// missing — add this header to improve security

Referrer-Policy

[ MISSING ]

// Controls how much referrer info is leaked when navigating away.

// missing — add this header to improve security

Permissions-Policy

[ MISSING ]

// Restricts which browser features (camera, mic, etc.) the page can use.

// missing — add this header to improve security

// Save leclerc.com → we'll run this daily and alert on changes. /signup →