~/tools / security-headers

Security Headers Checker

Scan HTTP security headers. Grades HSTS, CSP, X-Frame-Options and others, with explanations of what each header protects.

>
[ CRITICAL ] Weak security posture (17/100) — missing: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
── output ─────
17
security_score
HTTP 200 · https://www.odido.nl/
Strict-Transport-Security (HSTS)
[ MISSING ]
// Forces HTTPS for all connections. Prevents downgrade attacks.
// missing — add this header to improve security
Content-Security-Policy (CSP)
[ STRONG ]
// Defines which sources of scripts/styles/images are allowed. Prevents XSS.
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl
X-Frame-Options
[ MISSING ]
// Prevents clickjacking by blocking iframe embedding from other origins.
// missing — add this header to improve security
X-Content-Type-Options
[ MISSING ]
// Prevents MIME sniffing. Should be 'nosniff'.
// missing — add this header to improve security
Referrer-Policy
[ MISSING ]
// Controls how much referrer info is leaked when navigating away.
// missing — add this header to improve security
Permissions-Policy
[ MISSING ]
// Restricts which browser features (camera, mic, etc.) the page can use.
// missing — add this header to improve security
// Save odido.nl → we'll run this daily and alert on changes. /signup →