What does securityheaders.com actually check?

securityheaders.com makes a single request to your home page and grades the HTTP response headers it gets back, from A+ down to F. It looks for 6 specific headers:

  • Strict-Transport-Security — tells the browser to use HTTPS only
  • Content-Security-Policy — controls what the page may load
  • X-Content-Type-Options — stops the browser from guessing the content type
  • X-Frame-Options — blocks clickjacking via embedded frames
  • Referrer-Policy — limits what the browser leaks to other sites
  • Permissions-Policy — switches off browser features like camera and location

That is the entire scope — one page, response headers only. 81% of Australian small business websites have no Referrer-Policy header.* Each missing header is usually a 1-line fix at the hosting or CDN layer.
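To run the same presence check yourself before re-scanning, here is an added Python checker (not part of the original page or of securityheaders.com) that makes one request and reports which of the six headers are absent; the sample response is constructed, and `fetch_headers` uses only the standard library.

```python
"""Report which of the six securityheaders.com headers a response lacks."""
import sys
import urllib.request

# The six headers the scanner looks for, with the page's one-line descriptions.
EXPECTED_HEADERS = {
    "Strict-Transport-Security": "forces HTTPS",
    "Content-Security-Policy": "controls what the page may load",
    "X-Content-Type-Options": "stops content-type guessing",
    "X-Frame-Options": "blocks clickjacking via embedded frames",
    "Referrer-Policy": "limits what the browser leaks to other sites",
    "Permissions-Policy": "switches off browser features like camera and location",
}


def missing_headers(headers):
    """Return expected header names absent from `headers`.

    HTTP header names are case-insensitive, so a server that sends
    'strict-transport-security' still counts as having the header.
    """
    present = {name.lower() for name in headers}
    return [name for name in EXPECTED_HEADERS if name.lower() not in present]


def fetch_headers(url, timeout=10):
    """Make a single GET request, as the scanner does, and return the response headers."""
    req = urllib.request.Request(url, headers={"User-Agent": "header-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.getheaders())


# Constructed sample response from a hypothetical site that set only two headers.
SAMPLE_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    # Pass a URL to check a live site; with no argument the constructed sample is used.
    headers = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    for name in missing_headers(headers):
        print(f"missing: {name} ({EXPECTED_HEADERS[name]})")
```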