Security Headers Audit
Check security headers on every page in a single crawl.
Security headers are a quick win that most SEO audits skip entirely. Crawly audits five key headers on every crawled page and flags any that are missing - no separate tool, no manual checks.
HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, and X-Content-Type-Options are checked per-page and surfaced in the Issues tab alongside your other SEO findings.
How it works
- 1
Run a crawl. Crawly reads the response headers from every page it visits.
- 2
Open the Issues tab. Missing security headers appear as flagged issues.
- 3
Click any issue to see which pages are missing that header.
- 4
Export the list for your server admin or development team.
Why it matters
Five headers per page
HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, and X-Content-Type-Options - all checked automatically on every crawled URL.
No extra tool needed
Security header checks run as part of the standard crawl. There is nothing to configure - the data is always there when you need it.
Page-level visibility
See exactly which pages are missing which headers - useful for sites where headers are set inconsistently across templates or subdomains.
Use cases
Technical SEO audits
Include security header findings in your standard audit delivery. Missing HSTS on an HTTPS site is a common, easily fixed issue that clients appreciate catching.
Pre-launch checks
Verify that security headers are configured correctly on a staging environment before go-live, alongside your other technical checks.
Security-conscious clients
For clients in regulated industries (finance, healthcare), security headers are often a compliance requirement. Crawly gives you a fast way to audit them site-wide.
Related features
Start crawling smarter
Download Crawly for free. Connect to Claude Code via MCP and start auditing your site in minutes.
Download free