MyIPScan

Website Security Tool

Security Headers Checker

Check whether a public endpoint returns common security-related HTTP headers. Missing headers can be worth reviewing, but this is not a vulnerability scan.

Enter one public HTTP or HTTPS URL.

What the results mean

The tool checks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Present headers are one signal, and missing headers need context.
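The presence check described above, as an added example (not MyIPScan's code): it parses a constructed response head offline and reports the six headers. The function names, the `review` status and the three context rules (CSP `frame-ancestors` standing in for X-Frame-Options, an X-Content-Type-Options value other than `nosniff`, HSTS seen over plain HTTP) are assumptions chosen to illustrate why a bare present/missing result needs context.

```python
# Added example: header names are the six the page lists; everything else is illustrative.
CHECKED = {
    "strict-transport-security": "HSTS",
    "content-security-policy": "Content-Security-Policy",
    "x-frame-options": "X-Frame-Options",
    "x-content-type-options": "X-Content-Type-Options",
    "referrer-policy": "Referrer-Policy",
    "permissions-policy": "Permissions-Policy",
}

# Constructed sample response head (what a HEAD request would return; no body).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: sniff\r\n"
    "\r\n"
)

def parse_head(raw):
    """Parse a raw response head into {lowercased header name: [values]}."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def review(raw, scheme="https"):
    """Return {label: (status, note)}; status is 'present', 'missing' or 'review'."""
    h = parse_head(raw)
    out = {label: ("present", "; ".join(h[name])) if name in h
           else ("missing", "not returned") for name, label in CHECKED.items()}
    csp = " ".join(h.get("content-security-policy", [])).lower()
    if "x-frame-options" not in h and "frame-ancestors" in csp:
        out["X-Frame-Options"] = ("review", "framing is restricted by CSP frame-ancestors")
    xcto = h.get("x-content-type-options")
    if xcto and xcto[0].lower() != "nosniff":
        out["X-Content-Type-Options"] = ("review", "value is not 'nosniff'")
    if scheme == "http":  # browsers ignore HSTS received over plain HTTP
        out["HSTS"] = ("review", "HSTS only applies over HTTPS; check the HTTPS URL")
    return out

if __name__ == "__main__":
    for label, (status, note) in review(SAMPLE).items():
        print(f"{label:26} {status:8} {note}")
```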

How to use this tool

  1. Enter a public URL.
  2. Review which headers were returned.
  3. Use the HTTP Headers Checker for raw header context, Redirect Checker for chain behavior, Open Graph / Social Preview Checker for share metadata, and Robots.txt, Sitemap, or Canonical / Noindex Checker for crawler and indexing context.

FAQ

Is this a score?

No. It is an informational presence check, not an absolute grade.

Can missing headers be intentional?

Yes. Header choices depend on application behavior and rollout risk.

Does this fetch page content?

No. The backend uses constrained HEAD requests and does not proxy response bodies.

B2B diagnostic report model

Website and domain diagnostics

Public website checks connect HTTPS/SSL, redirects, headers, DNS, robots/sitemap, canonical/noindex, structured data, and social preview signals.

Summary: Start with a plain-language status for the public target.
Top issues: Prioritize the few findings that need attention first.
What passed: Show expected public signals without turning them into a certification.
What needs review: Separate limited, unavailable, and review-worthy signals.
Why it matters: Explain the business, delivery, crawl, or implementation impact.
Recommended fixes: Point to the DNS, hosting, email, CMS, or SEO owner who can act.
What this tool cannot check: This is not a vulnerability scan, penetration test, malware scan, uptime monitor, or full security audit.
Client-safe copy: Client-safe copy should keep issue summaries and recommended fixes while avoiding raw headers, cookies, tokens, credentials, and oversized payloads.
Monitoring beta (optional): Optional monitoring beta can track public changes in SSL, redirects, headers, DNS, robots/sitemap, canonical/noindex, and metadata after a target is approved.

Client-safe report

Share findings without leaking raw technical material

Use Safe Copy or this page's summary when sending results to a client, vendor, developer, or support team. Raw headers, credentials, tokens, cookies, private addresses, email local-parts, and oversized payloads should stay out of client-facing copy.

What this checks

Public DNS, HTTP, HTTPS, certificate, redirect, header, IP/ASN, or domain configuration signals.

Limits

What this cannot check

It cannot perform credentialed vulnerability testing, scan private hosts, bypass access controls, or certify complete security.

Read results

How to use the output

Treat results as review signals for this browser/session or public target. Re-test after one change, then use Safe Copy or notes that avoid raw identifiers.