Free Website Security Health Check
This tool gives you a quick health check of your website’s security. It tests your HTTPS setup, checks for unsafe redirects, scans for mixed content, and looks for important security headers that help protect visitors. Just enter your URL to see how your site scores.
What Each Check Means
HTTPS
Checks whether your site is using a secure connection.
Why it matters: It protects data between your site and your visitors. Modern browsers expect every site to use HTTPS.
HTTP → HTTPS Redirect
Checks if visitors are automatically sent to the secure version of your site.
Why it matters: Without this, people can land on an insecure page without realising.
Mixed Content
Checks if a secure page loads any images, scripts or files over an insecure link.
Why it matters: Mixed content weakens security and can trigger browser warnings that put people off.
Strict-Transport-Security (HSTS)
Checks if your site tells browsers to always connect securely.
Why it matters: It stops anyone accidentally using the insecure version of your site.
Content-Security-Policy (CSP)
Checks whether your site controls where scripts and other files can load from.
Why it matters: CSP helps block attackers from injecting malicious code.
X-Content-Type-Options
Checks if the browser is prevented from guessing file types.
Why it matters: This avoids attacks where harmful files pretend to be something safe.
X-Frame-Options
Checks whether other websites are allowed to embed your site inside a frame.
Why it matters: Blocking framing prevents “clickjacking,” where users are tricked into clicking hidden buttons.
Referrer-Policy
Checks how much information your site shares when someone clicks a link to another site.
Why it matters: A good policy protects user privacy.
Permissions-Policy
Checks whether your site controls access to things like cameras, microphones or location data.
Why it matters: It limits your site to only the features it actually needs, improving safety.
Change Log
- 7th Dec 2025 - Launch
