Frequently Asked Questions
What does my score mean?
We try to provide a fair score for all sites that we analyse, and your score is representative of how many security-based HTTP response headers your site issues.

What grades can my site get?
Your site can score from an A+ grade down to an F grade. The R grade means the site responded with a redirect and you should follow the redirects using the link provided. You can find more information on scoring on our Founder's blog here.

How do I get an A+ grade?
To get an A+ grade, your site needs to issue all the HTTP response headers that we check for. This indicates a high level of commitment to improving security for your visitors.

What headers do you check for?
Depending on the circumstances, we can check for a wide range of response headers. It's best to conduct a scan and see the list of headers that are present and missing!

What do the blue headers mean?
The blue headers are additional information that a site owner could look at. These are things like the value of the Server header, or other platform-specific headers like X-Powered-By, which divulge information about the software running on the server.

Can I raise a bug or request a feature?
If you have any feedback you'd like to give, you can reach us here: [email protected]

Can we allow your IP addresses for scans?
These are the IPv4 and IPv6 addresses we use for scans if you'd like to allow them.

Can we identify your UA for scans?
Our scanning engine presents a modern Chrome UA string when scanning, and it will contain the static string "SecurityHeaders" to identify us.

Will the Probely acquisition change anything?
No, Security Headers will remain free to use and at the forefront of providing great information and tooling to the community.