Security headers monitoring checks that critical HTTP response headers are present and configured. Missing headers are a common source of security vulnerabilities caught in penetration tests and compliance audits.

⚙️How it works

Uptrue sends a HEAD request to your URL and checks for the presence of six key security headers: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

✓What Uptrue checks

Strict-Transport-Security (HSTS)
Content-Security-Policy (CSP)
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy

⚠Alert conditions

One or more required security headers are missing
No security headers found (critical)

Why this matters

Security headers prevent clickjacking, XSS, MIME sniffing, and data leakage. CDN configuration changes, framework updates, or reverse proxy changes can strip them silently.

Set up in 60 seconds

Free plan · 3 monitors · No credit card required

Get Started Free →

?Frequently asked questions

Which headers do you check?

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

What score does my site get?

Each header present adds points. Missing any header triggers a degraded status. Missing all triggers a critical alert.

Related Monitor Types

🛡️

Ready to set up Security Headers Monitoring?

Join teams who monitor their infrastructure with Uptrue. Free plan, no credit card required.

Start Monitoring Free