Features

Find the missing security headers on every client site

Automatic checks for HSTS, CSP, X-Frame-Options, and other headers that harden a site against common attacks.

Quick answer

What is a security headers check?

A security headers check inspects the HTTP response headers a website returns to see whether protective headers like HSTS, Content-Security-Policy, and X-Frame-Options are present and configured. SiteGuard Monitor checks these across all client domains, scores them, and reports missing or weak headers in plain language.

Security headers are a cheap, high-impact layer of defense that most sites simply forget to set. SiteGuard Monitor checks the response headers on every client domain and shows you, in plain language, which protective headers are missing and which are doing their job.

The problem: missing headers are easy to overlook

Headers like HSTS and Content-Security-Policy don't affect how a site looks, so they're routinely missing. That leaves sites more exposed to clickjacking, protocol downgrade, content injection, and other attacks, and nobody notices until a security audit or an incident.

How SiteGuard solves it

SiteGuard reads each site's HTTP response headers, checks for the important protective ones, and grades the result. You get a clear list of what's present, what's missing, and what to add, across every client at once.

  • Detects key security headers per domain
  • Plain-language present/missing breakdown
  • Feeds the explainable 0-100 risk score
  • Re-checks over time with change alerts

What gets checked

SiteGuard looks for the response headers that meaningfully reduce a site's attack surface and flags the gaps.

  • Strict-Transport-Security (HSTS)
  • Content-Security-Policy (CSP)
  • X-Frame-Options and clickjacking protection
  • X-Content-Type-Options, Referrer-Policy, and related headers
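
A passive check of this kind can be sketched in a few lines. The following is an added example, not SiteGuard's own code: it grades a dictionary of response headers as ok, weak or missing for each header listed above. The function names, the 180-day HSTS threshold and the rules for what counts as "weak" are assumptions made for illustration.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed threshold (180 days), not from the page
# Constructed sample response headers, not taken from a real site
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "X-Content-Type-Options": "nosniff",
}

def parse_csp(value):
    """Split a CSP string into {directive: [sources]}; first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens:
            policy.setdefault(tokens[0], tokens[1:])
    return policy

def grade(value, good, weak_note):
    if value is None:
        return ("missing", "header not sent")
    return ("ok", value) if good else ("weak", weak_note)

def check_headers(raw_headers):
    """Return {check: (status, note)}; status is ok, weak or missing."""
    h = {k.lower(): v.strip() for k, v in raw_headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    # script-src falls back to default-src; with neither, scripts are unrestricted
    scripts = csp.get("script-src", csp.get("default-src"))
    risky = {"'unsafe-eval'", "*"} & set(scripts or [])
    # browsers ignore 'unsafe-inline' once a nonce or hash source is listed
    if "'unsafe-inline'" in (scripts or []) and not any(s.startswith(("'nonce-", "'sha")) for s in scripts):
        risky.add("'unsafe-inline'")
    # a restrictive frame-ancestors or a valid X-Frame-Options blocks framing
    xfo, ancestors = h.get("x-frame-options"), csp.get("frame-ancestors")
    framing_ok = (xfo or "").upper() in ("DENY", "SAMEORIGIN") or (ancestors is not None and "*" not in ancestors)
    seen = xfo or (ancestors is not None and "frame-ancestors") or None
    xcto, ref = h.get("x-content-type-options"), h.get("referrer-policy")
    last = (ref or "").split(",")[-1].strip().lower()  # last listed value is used
    return {
        "hsts": grade(hsts, bool(age) and int(age.group(1)) >= MIN_HSTS_MAX_AGE, "max-age absent or too short"),
        "csp": grade(h.get("content-security-policy"), scripts is not None and not risky, "scripts unrestricted or unsafe"),
        "framing": grade(seen, framing_ok, "value does not block framing"),
        "nosniff": grade(xcto, (xcto or "").lower() == "nosniff", "value is not nosniff"),
        "referrer": grade(ref, last not in ("", "unsafe-url"), "policy leaks full URLs"),
    }
```

Calling `check_headers(SAMPLE)` shows why presence alone is not enough: three of the four headers in the sample are sent but still graded weak.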

Example workflow

Scan a domain and get an instant header report card.

  • Add the client domain to your dashboard
  • Run a scan to see the current header configuration
  • Get alerted if headers are removed or change
  • Present the findings in the branded monthly report

Why agencies use it

Header checks make a great audit deliverable and an easy remediation upsell. They show clients you're thinking about security at a level competitors aren't, and they harden sites against real, common attacks with minimal effort.

  • Stand out with a security-aware audit
  • Create concrete, billable remediation work
  • Reduce exposure to common web attacks
  • Back it up with a clear monthly report

Safe, passive checks

SiteGuard reads the response headers a site already sends to every visitor. It's a passive, read-only inspection with no aggressive scanning, no payloads, and no impact on the live site.

Frequently asked questions

Which security headers does SiteGuard check?
SiteGuard checks the headers that matter most for hardening a site, including Strict-Transport-Security (HSTS), Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy, reporting which are present and which are missing.

Is a security headers check the same as a penetration test?
No. A headers check is a passive, read-only inspection of the response headers a site already returns. It highlights easy, high-value hardening opportunities but doesn't probe for vulnerabilities or perform any intrusive testing.

Will I be alerted if headers change?
Yes. SiteGuard re-checks headers over time and alerts you via email and Discord if a protective header is removed or changes, so a deploy doesn't quietly undo your hardening work.

How do header findings appear to clients?
Header results feed the 0-100 risk score and are explained in plain language in the branded monthly reports, so clients understand what's protected without needing to know what a header is.

Does SiteGuard configure the headers for me?
No. SiteGuard identifies which headers are missing or weak so you know exactly what to add, but the headers are configured on the site or server by you. The check makes the to-do list clear.

Will the check affect my live site?
No. SiteGuard only reads the headers your site already sends with normal responses. There's no aggressive scanning and no payloads, so the check has no impact on the live site.

Start monitoring in minutes

Run a free scan, then turn it into 24/7 monitoring with branded client reports — under your brand.