SiteTraceKit Glossary

What are Security Headers?

Security headers are HTTP response headers that tell browsers how a site wants content, framing, referrers and transport security to behave.

Short definition

A security header is an HTTP response header that can define browser-side rules, such as whether a page may be framed or which referrer information may be sent.

Simple example

Strict-Transport-Security, Content-Security-Policy, Referrer-Policy and X-Content-Type-Options are common examples.

Why it matters for website checks

They can reduce browser-side exposure and make a website's intended handling of resources clearer to owners, agencies and technical reviewers.

Limits

A visible header does not prove that every route is configured well. A missing header also needs context, because different sites have different risk profiles.

What does this mean for website owners?

Use the signal as a starting point for manual review. The website’s purpose, technical environment and actual configuration provide the necessary context.

Security Header Checker - Review common browser security headers such as HSTS, CSP, Referrer-Policy and X-Content-Type-Options.

FAQ

Does every website need every security header?

No. The useful set depends on the site. Login areas, shops, SaaS products and forms usually deserve closer header planning.

Can SiteTraceKit test whether a header is perfectly configured?

No. It shows public header presence and values so a person can review them in context.

Why can headers differ between pages?

CDNs, redirects and application routes can return different responses. A homepage check is a useful starting point, not a full route audit.
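The point made under Limits and in the last answer, shown as an added example (not SiteTraceKit code): it reports presence and values of the four headers named above for several routes and lists where a route deviates from the homepage. The routes and response heads are constructed sample data, and the function names are illustrative.

```python
from email.parser import Parser

# The four headers this page names as common examples.
CHECKED = ["Strict-Transport-Security", "Content-Security-Policy",
           "Referrer-Policy", "X-Content-Type-Options"]

# Constructed response heads for three hypothetical routes (not real captures).
SAMPLES = {
    "/": "HTTP/1.1 200 OK\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
         "Content-Security-Policy: default-src 'self'\r\n"
         "Referrer-Policy: strict-origin-when-cross-origin\r\n"
         "X-Content-Type-Options: nosniff\r\n\r\n",
    "/login": "HTTP/1.1 200 OK\r\n"
              "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
              "Referrer-Policy: no-referrer\r\n"
              "X-Content-Type-Options: nosniff\r\n\r\n",
    "/old": "HTTP/1.1 301 Moved Permanently\r\nLocation: /\r\n\r\n",
}

def parse_response(raw):
    """Split a raw response head into (status code, case-insensitive headers)."""
    status_line, _, header_block = raw.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    return int(status_line.split()[1]), headers

def audit(samples):
    """Map each route to its status and the value (or None) of each checked header."""
    report = {}
    for route, raw in samples.items():
        status, headers = parse_response(raw)
        report[route] = {"status": status,
                         **{name: headers.get(name) for name in CHECKED}}
    return report

def differences(report, baseline="/"):
    """List (route, header, baseline value, route value) where a route deviates."""
    diffs = []
    for route, row in report.items():
        if route == baseline:
            continue
        for name in CHECKED:
            if row[name] != report[baseline][name]:
                diffs.append((route, name, report[baseline][name], row[name]))
    return diffs

if __name__ == "__main__":
    for route, name, base, seen in differences(audit(SAMPLES)):
        print(f"{route}: {name} = {seen!r} (homepage: {base!r})")
```

A listed difference is a prompt for manual review, not a verdict: the redirect at `/old` carries none of the four headers, and whether that matters depends on the site.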