Security Headers
Security headers checker with letter grade, severity levels, batch scan, site compare, fix snippets, and shareable report card.
As of June 2026, Security Headers has 52 users in the Developer Tools category.
Usersno change0%
52
52
Ratingno change0%
—
— reviews
Reviewsno change0%
—
Version
1.1.0
Manifest V3
90-day change · In the last 90 days this extension 1 version update, changed permissions.
History
9 snapshotsTracking since Apr 9, 2026.
View as table
| Date | Users | Rating | Reviews | Version |
|---|---|---|---|---|
| Apr 9, 2026 | — | — | — | 1.0.0 |
| Apr 20, 2026 | — | — | — | 1.0.0 |
| Apr 25, 2026 | 7 | — | — | 1.1.0 |
| May 9, 2026 | 7 | — | — | 1.1.0 |
| May 14, 2026 | 14 | — | — | 1.1.0 |
| May 20, 2026 | 22 | — | — | 1.1.0 |
| May 26, 2026 | 32 | — | — | 1.1.0 |
| Jun 2, 2026 | 40 | — | — | 1.1.0 |
| Jun 8, 2026 | 46 | — | — | 1.1.0 |
| Now | 52 | — | — | 1.1.0 |
Changelog
- Apr 20, 2026description
Inspect HTTP security headers on any site and get an instant letter grade. Security Headers scans any webpage's HTTP response headers and grades them A+ through F based on security best practices. See which headers are present, missing, or misconfigured — all in one click. How it works: 1. Click the extension icon on any page. 2. Hit "Scan This Page" to analyze security headers. 3. See your letter grade (A+ to F) with color coding. 4. Review each header with pass/fail status and recommendations. Headers checked: - Content-Security-Policy (CSP) - Strict-Transport-Security (HSTS) - X-Content-Type-Options - X-Frame-Options - X-XSS-Protection (flagged as deprecated) - Referrer-Policy - Permissions-Policy - Cross-Origin-Opener-Policy (COOP) - Cross-Origin-Resource-Policy (CORP) - Cross-Origin-Embedder-Policy (COEP) Features: - Letter grade — instant A+ to F rating based on weighted header analysis. - Color-coded results — green (present and good), yellow (present but weak), red (missing). - Header explanations — each header includes what it does and why it matters. - Recommendations — specific guidance on how to fix missing or weak headers. - Scan history — see grades for recently visited sites stored locally. - Copy report — one-click formatted security report for sharing with your team. - Collapsible sections — expand only the headers you need to investigate. - 100% local — no data leaves your browser. No accounts, no tracking, no servers. Who is this for? - Web developers verifying security headers before deployment. - Security engineers auditing websites for compliance. - DevOps teams checking header configurations. - Anyone curious about a website's security posture. Privacy: Security Headers does not collect, transmit, or share any data. Scan history is stored locally using Chrome's built-in storage. No analytics, no telemetry, no third-party services.
Inspect HTTP security headers on any site and get an instant letter grade — now with severity levels, fix snippets for Nginx/Apache/Express/Cloudflare, batch scanning, and side-by-side site comparison. Security Headers scans any webpage's HTTP response headers and grades them A+ through F based on security best practices, weighted by real-world impact severity. WHAT'S NEW IN v1.1.0: Severity Levels — Missing headers are classified as Critical (CSP, HSTS, X-Frame-Options), Important (Referrer-Policy, X-Content-Type-Options, Permissions-Policy), or Optional (COEP, CORP, COOP). Your grade is weighted accordingly so you can triage fast. Fix Recommendations with Copy-to-Clipboard — Every missing or weak header now shows exactly what to add, with tabs for Nginx, Apache, Express/Node, and Cloudflare. One click to copy the snippet. Batch Scan — Paste a list of URLs, scan them all, see results sorted by grade, and export as CSV. Perfect for auditing an entire domain portfolio. Compare Two Sites — Side-by-side grade cards and full per-header diff. Great for "our site vs competitor" or "staging vs prod" audits. Share Report as PNG — Canvas-rendered grade card you can copy to clipboard or download. Shareable on Slack, social media, or bug tickets. Detailed Attack Explanations — Every header now shows the attack it prevents and a real-world breach example (British Airways CSP bypass, Firesheep HSTS, Twitter clickjacking worm, Spectre COEP, and more). Headers checked: - Content-Security-Policy (CSP) - Strict-Transport-Security (HSTS) - X-Content-Type-Options - X-Frame-Options - X-XSS-Protection - Referrer-Policy - Permissions-Policy - Cross-Origin-Opener-Policy (COOP) - Cross-Origin-Resource-Policy (CORP) - Cross-Origin-Embedder-Policy (COEP) Who is this for? - Web developers verifying security headers before deployment - Security engineers auditing websites for compliance - DevOps teams checking header configurations at scale - Anyone curious about a website's security posture Privacy: Security Headers does not collect, transmit, or share any data. Scan history and preferences are stored locally using Chrome's built-in storage. No analytics, no telemetry, no third-party services.
- Apr 20, 2026short_description
Inspect HTTP security headers on any site and get an instant letter grade. Check CSP, HSTS, and more.
Security headers checker with letter grade, severity levels, batch scan, site compare, fix snippets, and shareable report card.
- Apr 20, 2026host_permissions
(empty)
<all_urls>
Permissions & access
- Permissions
- storageactiveTabscripting
- Host access
- <all_urls>
Screenshots
About
Inspect HTTP security headers on any site and get an instant letter grade — now with severity levels, fix snippets for Nginx/Apache/Express/Cloudflare, batch scanning, and side-by-side site comparison. Security Headers scans any webpage's HTTP response headers and grades them A+ through F based on security best practices, weighted by real-world impact severity. WHAT'S NEW IN v1.1.0: Severity Levels — Missing headers are classified as Critical (CSP, HSTS, X-Frame-Options), Important (Referrer-Policy, X-Content-Type-Options, Permissions-Policy), or Optional (COEP, CORP, COOP). Your grade is weighted accordingly so you can triage fast. Fix Recommendations with Copy-to-Clipboard — Every missing or weak header now shows exactly what to add, with tabs for Nginx, Apache, Express/Node, and Cloudflare. One click to copy the snippet. Batch Scan — Paste a list of URLs, scan them all, see results sorted by grade, and export as CSV. Perfect for auditing an entire domain portfolio. Compare Two Sites — Side-by-side grade cards and full per-header diff. Great for "our site vs competitor" or "staging vs prod" audits. Share Report as PNG — Canvas-rendered grade card you can copy to clipboard or download. Shareable on Slack, social media, or bug tickets. Detailed Attack Explanations — Every header now shows the attack it prevents and a real-world breach example (British Airways CSP bypass, Firesheep HSTS, Twitter clickjacking worm, Spectre COEP, and more). Headers checked: - Content-Security-Policy (CSP) - Strict-Transport-Security (HSTS) - X-Content-Type-Options - X-Frame-Options - X-XSS-Protection - Referrer-Policy - Permissions-Policy - Cross-Origin-Opener-Policy (COOP) - Cross-Origin-Resource-Policy (CORP) - Cross-Origin-Embedder-Policy (COEP) Who is this for? - Web developers verifying security headers before deployment - Security engineers auditing websites for compliance - DevOps teams checking header configurations at scale - Anyone curious about a website's security posture Privacy: Security Headers does not collect, transmit, or share any data. Scan history and preferences are stored locally using Chrome's built-in storage. No analytics, no telemetry, no third-party services.
Technical
- Version
- 1.1.0
- Manifest
- V3
- Size
- 34.2KiB
- Min Chrome
- 88
- Languages
- 1
- Featured
- No
Metadata
- ID
- oahaipcejmlamohcchffgpcnfbidaklj
- Developer ID
- u5e12e9a71151bc2ba6cbec899dc05408
- Developer Email
- [email protected]
- Created
- Apr 9, 2026
- Last Updated (Store)
- Apr 17, 2026
- Last Scraped
- Jun 8, 2026
- Website
- —
- Support URL
- —
Data sourced from the Chrome Web Store · last verified Jun 8, 2026.