HeaderLint

About

HeaderLint analyzes HTTP security headers on the current browser tab and provides an A-F letter grade with per-header findings and copy-paste remediation guidance.

Because it runs inside your existing browser session, HeaderLint can scan pages behind login — no credentials or proxy setup required.

Headers analyzed:
  - Content-Security-Policy (CSP)
  - Strict-Transport-Security (HSTS)
  - Referrer-Policy
  - X-Content-Type-Options
  - Permissions-Policy
  - X-Frame-Options
  - X-XSS-Protection

Each header is scored as Correct (100), Weak (50), or Missing (0). The overall score is a weighted sum across all seven headers, mapped to a letter grade (A through F).

For every finding, HeaderLint shows:
  - A severity badge (Pass / Weak / Missing)
  - A plain-language explanation of the issue
  - A recommended header value you can copy directly into your server config
  - A link to MDN documentation

Click "Copy JSON" to export the full analysis as structured JSON for reporting or automation.

Supports light and dark mode based on your system preference.