セキュリティヘッダーチェック

HTTP/2 200
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self'; frame-ancestors 'none'
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: camera=(), microphone=(), geolocation=()

Total response headers: 5
Detected security headers: 5
Missing recommended headers: 0
Warnings: 0

Findings:
- Info: Strong HSTS policy with one year or longer max-age, includeSubDomains, and preload
- Info: Content-Security-Policy header detected
- Info: x-content-type-options uses nosniff
- Info: Frame protection detected
- Info: Referrer-Policy uses a stricter value

HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
server: example

Total response headers: 2
Detected security headers: 0
Missing recommended headers: 6
Warnings: 5

Findings:
- Warning: Missing Strict-Transport-Security header
- Warning: Missing Content-Security-Policy header
- Warning: Missing x-content-type-options nosniff header
- Warning: Missing frame protection header or CSP frame-ancestors directive
- Warning: Missing Referrer-Policy header
- Info: Permissions-Policy is not present