Frequently asked questions

  • What does my score mean?

  • We try to provide a fair score for all sites that we analyse, and your score reflects how many security-based HTTP response headers your site issues.

  • What grades can my site get?

  • Your site can score from an A+ grade down to an F grade. The R grade means the site responded with a redirect and you should follow the redirects using the link provided. There is more information on the scores here.

  • How do I get an A+ grade?

  • To get an A+ grade your site needs to issue all of the HTTP response headers that we check for. This indicates a high level of commitment to improving security for your visitors.

  • What headers do you check for?

  • Over an HTTP connection we check for Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Over an HTTPS connection we check for two additional headers, Strict-Transport-Security and Public-Key-Pins.

  • What do the blue headers mean?

  • The blue headers are additional information that a site owner could look at. These are things like the value of the Server header, or other platform-specific headers like X-Powered-By, that divulge information about the software running on the server.

  • Can I raise a bug or request a feature?

  • You can raise bugs or request new features right here!
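
To reproduce the header check described above against your own responses, the following added example (not the site's own code) audits a raw response head for the checked headers, adds the two HTTPS-only headers when the scheme is https, and reports the informational headers the FAQ calls "blue". The function names and the sample response are constructed for illustration; it tests presence only, as the FAQ describes, and does not judge header values.

```python
# Header names are taken from the FAQ above; everything else is an assumption.
CHECKED_HTTP = ["Content-Security-Policy", "X-Content-Type-Options",
                "X-Frame-Options", "X-XSS-Protection"]
CHECKED_HTTPS_ONLY = ["Strict-Transport-Security", "Public-Key-Pins"]
INFORMATIONAL = ["Server", "X-Powered-By"]

# Constructed sample response head (not captured from a real site).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: nginx/1.10.0
X-Powered-By: PHP/5.6.30
content-security-policy: default-src 'self'
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: DENY
Strict-Transport-Security: max-age=31536000
"""


def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the head
        name, sep, value = line.partition(":")
        if not sep:
            continue                            # ignore malformed lines
        # Header names are case-insensitive, so normalise before storing.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw, scheme):
    """Report which checked headers are present, missing, or disclosing."""
    headers = parse_headers(raw)
    wanted = CHECKED_HTTP + (CHECKED_HTTPS_ONLY if scheme == "https" else [])
    present = [h for h in wanted if h.lower() in headers]
    missing = [h for h in wanted if h.lower() not in headers]
    disclosed = {h: headers[h.lower()][0]
                 for h in INFORMATIONAL if h.lower() in headers}
    return {"present": present, "missing": missing,
            "disclosed": disclosed, "all_checked_present": not missing}


if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, audit(SAMPLE_RESPONSE, scheme))
```
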