Security Headers Analysis

LoadForge offers a complimentary security header analysis tool for all its subscribed users. This tool critically evaluates the security headers implemented by your web server, assigning a rating based on the adherence of your site to industry best practices.

Our aim is to empower users to configure an optimal application stack. This security header checker is one of the many ways we strive to provide value to our subscribers, helping them maintain a safer and more secure web environment.

Security Header Criteria

When you submit your site for evaluation, LoadForge will assess it based on the following vital security headers:

  1. Referrer-Policy: Governs how much referrer information, sent in the Referer header, is included with requests.
  2. Content-Security-Policy: Helps prevent cross-site scripting (XSS) and other code injection attacks.
  3. X-XSS-Protection: Instructs the browser to stop pages from loading when it detects reflected cross-site scripting (XSS) attacks.
  4. X-Content-Type-Options: Stops the browser from MIME-sniffing a response away from the declared content type.
  5. Strict-Transport-Security: Ensures that the browser only connects to the server using a secure HTTPS connection.
  6. X-Frame-Options: Controls whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>.
  7. Permissions-Policy: Allows a site to disable certain browser features and APIs in the interest of user privacy and security.
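
A local check over the same seven headers, as an added example: it is not LoadForge's code or rating logic. The function names, the 180-day HSTS floor and the finding strings are assumptions, and the sample headers are constructed.

```python
import re

def check_hsts(value):
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    if not m:
        return "no max-age directive"
    # Assumed floor of 180 days; use the threshold your own policy requires.
    return "max-age below 180 days" if int(m.group(1)) < 15552000 else None

def check_csp(value):
    directives = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])  # first duplicate wins
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return "no script-src or default-src"
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    guarded = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    return "scripts allow 'unsafe-inline'" if "'unsafe-inline'" in sources and not guarded else None

def check_referrer(value):
    # The header may list fallbacks; browsers use the last one they recognise.
    policy = value.lower().split(",")[-1].strip()
    return "full URL sent to other origins" if policy in ("unsafe-url", "no-referrer-when-downgrade") else None

def present(value):
    return None  # presence-only check, no value validation

CHECKS = {
    "referrer-policy": check_referrer,
    "content-security-policy": check_csp,
    "x-xss-protection": present,
    "x-content-type-options": lambda v: None if v.strip().lower() == "nosniff" else "value is not nosniff",
    "strict-transport-security": check_hsts,
    "x-frame-options": lambda v: None if v.strip().upper() in ("DENY", "SAMEORIGIN") else "not DENY or SAMEORIGIN",
    "permissions-policy": present,
}

def audit(headers):
    """Return {header: finding}; an empty dict means every check passed."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    return {n: ("missing" if n not in got else c(got[n]))
            for n, c in CHECKS.items() if n not in got or c(got[n])}

# Constructed sample response headers (not from a real site).
SAMPLE = {"Strict-Transport-Security": "max-age=3600", "X-Content-Type-Options": "nosniff",
          "X-Frame-Options": "ALLOW-FROM https://example.com", "Referrer-Policy": "strict-origin-when-cross-origin",
          "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'"}
```

Calling `audit(SAMPLE)` reports the two absent headers plus the short HSTS lifetime, the obsolete framing value and the inline-script allowance.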

Understanding Your Report

For each of the above criteria, the report will:

  • Detail what each header represents.
  • Highlight the benefits of implementing the respective header.
  • Guide you on the necessary steps to correctly configure and enable them on your web server.

To view your security headers report, navigate to any validated host in your Hosts View and click on the "Security Headers" icon.