Frequently asked questions
What does my score mean?
What grades can my site get?
How do I get an A+ grade?
What headers do you check for?
What do the blue headers mean?
Can I raise a bug or request a feature?
Can we allow your IP addresses for scans?
Can we identify your UA for scans?
We try to provide a fair score for all sites that we analyse, and your score is representative of how many security-based HTTP response headers your site issues.
Your site can score from an A+ grade down to an F grade. The R grade means the site responded with a redirect and you should follow the redirects using the link provided. You can find more information on scoring on our Founder's blog here.
To get an A+ grade your site needs to issue all of the HTTP response headers that we check for. This indicates a high level of commitment to improving security for your visitors.
Depending on the circumstances, we can check for a wide range of response headers. It's best to conduct a scan and see the list of headers that are present and missing!
The blue headers are additional information that a site owner could look at. These are things like the value of the Server header, or other platform-specific headers like X-Powered-By, which divulge information about the software running on the server.
If you have any feedback you'd like to give, you can reach us here: [email protected]
These are the IPv4 and IPv6 addresses we use for scans if you'd like to allow them.
Our scanning engine presents a modern, Chrome UA string when scanning, and it will contain the static string "SecurityHeaders" to identify us.
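If you allow scans by both address and UA, your logs can separate genuine scans from requests that only claim the UA string. The sketch below is an added example, not code from the scanning service: it labels Combined Log Format lines by whether the source address and the "SecurityHeaders" marker both match. The networks are documentation-range placeholders, and the log lines and UA strings are constructed.

```python
import ipaddress
import re
from collections import Counter

# Placeholders from the RFC 5737 / RFC 3849 documentation ranges; substitute
# the scan addresses the service publishes.
SCANNER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:5ec::/48")]
UA_MARKER = "SecurityHeaders"  # static string the FAQ says the UA contains

# Combined Log Format: ip ident user [time] "request" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Label one access-log line by how it matches the scanner's identity."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return "unparsed"
    ua_match = UA_MARKER in m["ua"]
    ip_match = any(ip in net for net in SCANNER_NETS)
    if ua_match and ip_match:
        return "scanner"
    if ua_match:
        return "ua-only"  # the UA is client-controlled, so this is unverified
    return "ip-only" if ip_match else "other"

def summarize(lines):
    """Count labels across a log so UA-only claims stand out."""
    return Counter(classify(line) for line in lines)

# Constructed sample lines (addresses and UA strings are illustrative).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0 SecurityHeaders"',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /admin HTTP/1.1" 403 128 "-" "Mozilla/5.0 SecurityHeaders"',
    '2001:db8:5ec::10 - - [01/Jan/2025:10:00:09 +0000] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0 Chrome/120.0 SecurityHeaders"',
    '198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"',
    'not a log line',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(f"{classify(entry):9} {entry[:48]}")
```

Requests labelled `ua-only` carry the marker from an address outside the allowed list, so an allow rule keyed on the UA string alone would have admitted them.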