Audit the security headers on any HTTPS URL.

Point Pentrova’s header scanner at any public HTTPS URL and get a prioritized audit of the security-relevant response headers, covering transport, framing, content typing, referrer policy, and permissions. Nothing is stored on our servers.

How the check works

Deterministic rule set

We check for Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more, with remediation notes for each miss.
Read-only request

The scanner issues a single GET to the URL you provide and reads only the response headers. It never touches forms, cookies, or authenticated routes.
No persistence

Pentrova does not log, cache, or share the URLs you submit. Results live in your browser session only.

/* When JS is disabled the IntersectionObserver never runs, so the `opacity: 0` initial state of reveal elements would hide content permanently. Snap everything visible. */ .scroll-reveal, [data-reveal], .reveal-group > .reveal { opacity: 1 !important; transform: none !important; animation: none !important; } .section-rule { transform: scaleX(1) !important; }

Audit the security headers on any HTTPS URL.

How the check works

Deterministic rule set

Read-only request

No persistence