lilHeaders
Security headers checker: scan any site's live response headers and copy a ready-to-paste baseline for your host
Is your site sending the right headers?
Scan any site's live response headers, see what's missing and why it matters, and copy a ready-to-paste baseline for your host.
Try:
The header report shows up here: HSTS, CSP, frame protection, and the rest, each graded with the actual value found.
Recommended baseline
A safe starting set for any site. CSP is left out on purpose: it's site-specific, and a wrong one breaks things.
Headers sorted? Check your email next.
Locked-down response headers protect what visitors see in the browser. lilDMARC does the same for what lands in their inbox, testing your SPF, DKIM, and DMARC records so spoofed mail in your name gets rejected.
Test your email with lilDMARC