Is Security Headers Inspector free to use?

Security Headers Inspector is part of the open-source DebugTools toolkit and the core browser workflow is free to use.

Does Security Headers Inspector send my data to a server?

Security Headers Inspector is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.

tools / security-headers

Security Headers Inspector

Paste response headers to score browser security protections, missing headers, and cookie flags.

header score

Present headers

content-security-policyx-frame-optionsx-content-type-options

Missing headers

strict-transport-securityreferrer-policypermissions-policy

Cookie warnings

Cookie missing HttpOnlyCookie missing SecureCookie missing SameSite

DebugTools product

Security Headers Inspector

Security Headers Inspector is a focused DebugTools mini-product for developers. Score response headers, missing browser protections, and cookie security flags.

Use cases

Review CORS, CSP, cookie, caching, and browser-protection headers.
Spot missing Secure, HttpOnly, SameSite, HSTS, and CSP controls.
Prepare practical hardening notes from pasted response headers.

How it works

Paste or load the snippet you want to inspect in Security Headers Inspector.
Run the tool in the browser and review the highlighted output.
Copy, export, or turn the result into the next debugging step.

Privacy

Security Headers Inspector is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.

This tool history

Recent Security Headers sessions

Only visits for this tool are shown. Pasted content, tokens, request bodies, and logs are not stored here.

Loading this tool history...