I built HeaderAudit.com to make it easier to check if your site's HTTP security headers are properly configured. It scans for common issues like missing Content-Security-Policy, Strict-Transport-Security, and other headers that help protect against XSS, clickjacking, and similar attacks.
As a security engineer, I got tired of manually checking headers or piecing together different tools, so I made something straightforward that just works. The goal is simple: point it at a URL and get actionable feedback on what needs fixing.
This is a side project I maintain and improve based on real-world use. If you find bugs, have ideas for new checks, or just want to say hi, feel free to reach out. I'm always looking to make this more useful for developers and security folks.