What does my score mean?
What grades can my site get?
How do I get an A+ grade?
What headers do you check for?
What do the blue headers mean?
Can I raise a bug or request a feature?
Can we allow your IP addresses for scans?
We try to provide a fair score for all sites that we analyse, and your score reflects how many security-based HTTP response headers your site issues.
Your site can score from an A+ grade down to an F grade. The R grade means the site responded with a redirect and you should follow the redirects using the link provided. There is more information on the scores here.
To get an A+ grade, your site needs to issue all of the HTTP response headers that we check for. This indicates a high level of commitment to improving security for your visitors.
Over an HTTP connection we check for Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Over an HTTPS connection we check for 2 additional headers: Strict-Transport-Security and Public-Key-Pins.
The blue headers are additional information that a site owner could look at. These are things like the value of the Server header, or other platform-specific headers like X-Powered-By, that divulge information about the software running on the server.
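The checks described in the answers above can be reproduced locally against a saved response. This is an added example, not the scanner's own code: the function names and the sample responses are constructed for illustration, and it reports only presence of the headers, not a letter grade.

```python
# Added example. Header names come from the FAQ; function names are hypothetical.
HTTP_CHECKED = ["Content-Security-Policy", "X-Content-Type-Options",
                "X-Frame-Options", "X-XSS-Protection"]
HTTPS_ONLY = ["Strict-Transport-Security", "Public-Key-Pins"]
INFORMATIONAL = ["Server", "X-Powered-By"]  # the "blue" headers


def parse_response(raw):
    """Return (status_code, headers) with header names lowercased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive; keep the first value seen
            headers.setdefault(name.strip().lower(), value.strip())
    return status, headers


def audit(raw, scheme):
    """Report which checked headers a response issues for the given scheme."""
    status, headers = parse_response(raw)
    if 300 <= status < 400:
        # A redirect is reported rather than scored; follow Location and rescan.
        return {"redirect": headers.get("location")}
    wanted = HTTP_CHECKED + (HTTPS_ONLY if scheme == "https" else [])
    missing = [h for h in wanted if h.lower() not in headers]
    return {
        "present": [h for h in wanted if h.lower() in headers],
        "missing": missing,
        "all_present": not missing,  # the A+ condition described in the FAQ
        "disclosed": {h: headers[h.lower()] for h in INFORMATIONAL
                      if h.lower() in headers},
    }


# Constructed sample responses (not captured from a real site).
SAMPLE = ("HTTP/1.1 200 OK\r\nServer: nginx/1.10.0\r\nX-Powered-By: PHP/5.6.0\r\n"
          "content-security-policy: default-src 'self'\r\n"
          "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n"
          "X-XSS-Protection: 1; mode=block\r\n"
          "Strict-Transport-Security: max-age=31536000\r\n\r\n<html></html>")
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\n\r\n"

if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, audit(SAMPLE, scheme))
    print(audit(REDIRECT, "http"))
```

The same response satisfies the HTTP check list but not the HTTPS one, because the two additional headers are only expected over HTTPS.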
You can raise bugs or request new features right here!