Balou Tools

🛡️ Security Header Check

Checks HTTP security headers (HSTS, CSP, X-Frame-Options) and provides server fixes.

Guide & best practices

Security Header Check with score and fix guidance

Find missing or weak HTTP security headers and get actionable snippets for common server stacks.

Typical use cases

Useful after deployments, before security reviews, for clickjacking/XSS hardening, compliance baselines and staging vs production checks.

How Balou scores headers

Balou fetches the URL, categorizes relevant headers, scores risks and links CSP findings to the dedicated CSP Evaluator.

Header hardening best practices

Start with HSTS, CSP, X-Content-Type-Options, Referrer-Policy and Permissions-Policy. Test changes in staging first.

Frequently asked questions

Which headers matter most?

HSTS, CSP, X-Content-Type-Options, frame-ancestors/X-Frame-Options and Referrer-Policy are core basics.

Why is CSP more than one header?

CSP must fit the application; too strict breaks assets, too broad weakens XSS protection.

Can I copy snippets directly?

Use them as safe starting points and test them against your app, CDN and host.

How do I improve the score?

Add missing headers, avoid unsafe wildcards and harden CSP with nonces or hashes.
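As an added illustration of the checks described above (not Balou's own code, and its weights are assumed, not the tool's real scoring), this Python example inspects one response's headers offline: it reports baseline headers that are missing, an HSTS max-age under a year, and CSP source lists that use a wildcard or 'unsafe-inline' without a nonce or hash. The sample headers are constructed.

```python
import re
from typing import Dict, List, Tuple

# Baseline headers from the page's guidance, with the (assumed) points each missing one costs.
BASELINE = {"strict-transport-security": 25, "content-security-policy": 30,
            "x-content-type-options": 15, "referrer-policy": 10,
            "permissions-policy": 10, "x-frame-options": 10}
ONE_YEAR = 31536000

def parse_csp(csp: str) -> Dict[str, List[str]]:
    """Split a CSP value into {directive: [source tokens]}."""
    out = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out

def check_headers(headers: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score 0-100, findings) for one response; header names match case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    score, findings = 100, []
    csp = parse_csp(h.get("content-security-policy", ""))
    for name, weight in BASELINE.items():
        # CSP frame-ancestors supersedes X-Frame-Options, so it is not reported as missing then.
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        if name not in h:
            score -= weight
            findings.append(f"missing: {name}")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if m and int(m.group(1)) < ONE_YEAR:
        score -= 10
        findings.append("weak: HSTS max-age below one year")
    for directive in ("default-src", "script-src"):
        sources = csp.get(directive, [])
        if "*" in sources:
            score -= 10
            findings.append(f"weak: {directive} allows wildcard *")
        # Browsers ignore 'unsafe-inline' once a nonce or hash source is present (CSP level 2+).
        if "'unsafe-inline'" in sources and not any(s.startswith(("'nonce-", "'sha")) for s in sources):
            score -= 15
            findings.append(f"weak: {directive} allows 'unsafe-inline' without nonces or hashes")
    return max(score, 0), findings

# Constructed sample response headers, not captured from any real site.
SAMPLE = {"Strict-Transport-Security": "max-age=300", "X-Content-Type-Options": "nosniff",
          "Content-Security-Policy": "default-src 'self'; script-src * 'unsafe-inline'; frame-ancestors 'none'"}
```

Calling check_headers(SAMPLE) yields a score of 45 with five findings; a set that adds Referrer-Policy and Permissions-Policy, raises max-age to a year and replaces the wildcard with 'self' plus a nonce scores 100.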