
Website Security Check: How to Grade Your Security Headers

What is a Security Grade?

A security grade (A+ to F) rates how well your website protects users through HTTP security headers. [SEO Snapshot](/) is one of the few tools that provides this grade as part of an SEO audit.

How We Calculate the Grade

| Grade | Score | Meaning |
|-------|-------|---------|
| A+ | 95-100 | All headers configured optimally |
| A | 85-94 | Most headers present, minor gaps |
| B | 70-84 | Good baseline, some headers missing |
| C | 50-69 | Basic protection only |
| D | 30-49 | Significant gaps |
| F | 0-29 | Little to no protection |

The 7 Headers We Check

1. **HSTS** — Forces HTTPS (3 points)

2. **CSP** — Prevents XSS attacks (3 points)

3. **X-Frame-Options** — Prevents clickjacking (1 point)

4. **X-Content-Type-Options** — Prevents MIME sniffing (1 point)

5. **Referrer-Policy** — Controls referrer data (1 point)

6. **Permissions-Policy** — Restricts browser features (1 point)

7. **Mixed content** — No HTTP on HTTPS pages (1 point)

Bonus checks cover cookie flags, Subresource Integrity (SRI), and X-Powered-By exposure.
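A minimal grader built from the weights and grade bands above, as an added example rather than SEO Snapshot's own code. It assumes the 11 points scale linearly to the 0-100 score, checks header presence only, and skips the bonus checks; the function name `grade` and the sample response are constructed for illustration.

```python
import re

# Weights from the page's list of seven checks (11 points in total).
WEIGHTS = {
    "strict-transport-security": 3,
    "content-security-policy": 3,
    "x-frame-options": 1,
    "x-content-type-options": 1,
    "referrer-policy": 1,
    "permissions-policy": 1,
}
MIXED_CONTENT_POINTS = 1
# Grade bands from the page's table: (minimum score, grade).
BANDS = [(95, "A+"), (85, "A"), (70, "B"), (50, "C"), (30, "D"), (0, "F")]
# Subresources fetched over plain HTTP: src= on any tag, href= on <link>.
MIXED = re.compile(r'''<(?:[a-z]+\b[^>]*\ssrc|link\b[^>]*\shref)\s*=\s*["']?http://''', re.I)

def grade(headers, html):
    """Return (score, grade, missing) for one HTTPS response."""
    present = {name.lower() for name, value in headers.items() if value.strip()}
    points, missing = 0, []
    for name, weight in WEIGHTS.items():
        if name in present:
            points += weight
        else:
            missing.append(name)
    if MIXED.search(html):
        missing.append("mixed-content")
    else:
        points += MIXED_CONTENT_POINTS
    total = sum(WEIGHTS.values()) + MIXED_CONTENT_POINTS
    # Assumption: points scale linearly to 0-100; the page does not say how.
    score = round(100 * points / total)
    letter = next(g for floor, g in BANDS if score >= floor)
    return score, letter, missing

# Constructed sample response (not captured from a real site).
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
SAMPLE_HTML = '<html><body><img src="http://cdn.example.test/logo.png"></body></html>'

if __name__ == "__main__":
    print(grade(SAMPLE_HEADERS, SAMPLE_HTML))
```

Because HSTS and CSP carry three points each, a site missing either one cannot reach an A under this linear scaling, whatever else it sends.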

How to Fix a Low Grade

Check your site's security grade with [SEO Snapshot](/) — we provide the exact server configuration (nginx, Apache, Next.js, Vercel) to copy-paste for each missing header.

FAQ

**Q: Do security headers affect SEO?**

A: HTTPS is a confirmed Google ranking factor. Other headers improve trust but aren't direct ranking signals.

**Q: How do I add security headers on Cloudflare?**

A: Cloudflare → Rules → Transform Rules → Modify Response Header. Add each header as a static value.
