How do I fix missing security headers on Nginx?

Add add_header directives to your nginx.conf server block. HttpFixer generates the exact lines for HSTS, CSP, X-Frame-Options, and more based on your live headers.

What security headers should every site have?

At minimum: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy. HttpFixer checks all of these plus Permissions-Policy, COOP, and COEP.

Does HttpFixer store my URL or headers?

No. Everything runs client-side in your browser. Your URL and headers never leave your machine.

Security scanners give you a D. HeadersFixer gives you the exact config to paste.

Detects missing or misconfigured security headers. Generates stack-specific fixes for Nginx, Apache, Vercel, Cloudflare, and Express.

Your URL never leaves your browser — this is a live client-side fetch

Tip: get headers with curl -sI https://your-domain.com

Detected: