Frequently Asked Questions

  • What does my score mean?

  • We try and provide a fair score for all sites that we analyse and your score is representative of how many security based HTTP response headers your site issues.

  • What grades can my site get?

  • Your site can score from an A+ grade down to an F grade. The R grade means the site responded with a redirect and you should follow the redirects using the link provided. You can find more information on scoring on our Founder's blog here.

  • How do I get an A+ grade?

  • To get an A+ grade your site needs to issue all the HTTP response headers that we check for. This indicates a high level of commitment to improving security for your visitors.

  • What headers do you check for?

  • Depending on the circumstances, we can check for a wide range of response headers. It's best to conduct a scan and see the list of headers that are present and missing!

  • What do the blue headers mean?

  • The blue headers are additional information that a site owner could look at. These are things like the value of the Server header or other platform specific headers like X-Powered-By divulging information about the software running on the server.

  • Can I raise a bug or request a feature?

  • If you have any feedback you'd like to give, you can reach us here: [email protected]

  • Can we allow your IP addresses for scans?

  • This is the IPv4 address we use for scans if you'd like to allow it.

  • Can we identify your UA for scans?

  • Our scanning engine presents a modern, Chrome UA string when scanning, and it will contain the static string "SecurityHeaders" to identify us.

  • Will the Probely acquisition change anything?

  • No, Security Headers will remain free to use and at the forefront of providing great information and tooling to the community.