Privacy Policy

Last updated: February 7, 2026

1. Introduction

Security Headers (securityheaders.ai) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use our website, API, and related services (collectively, the "Service").

2. Information We Collect

2.1 Scan Data

When you use the Service to scan a URL, we collect:

  • The URL you submit for scanning (query parameters are automatically stripped before storage).
  • The HTTP response headers returned by that URL.
  • The grade, score, and analysis results generated by our scanner.
  • The IP address of the scanned domain.
  • A timestamp of when the scan was performed.

We do not access, download, or store the content of scanned websites. We only analyse publicly available HTTP response headers.

2.2 Server Logs

Our web server automatically logs standard access information, which may include your IP address, browser user agent, referring URL, and the pages you visit. These logs are used for operational purposes and are retained for up to 30 days.

2.3 API Keys

If you use our API, we store the API key associated with your access. We do not collect personal information as part of API key issuance unless you provide it voluntarily.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service, including generating scan results and grades.
  • Display recent scan history on the website.
  • Monitor and improve the performance, security, and reliability of the Service.
  • Detect and prevent abuse, fraud, and unauthorized access.

4. Data Sharing

We do not sell, rent, or trade your information. We may share information only in the following circumstances:

  • Public scan history: Recently scanned URLs and their grades may be displayed publicly on the website. Do not scan URLs you wish to keep private.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.
  • Service providers: We may use third-party infrastructure providers (hosting, CDN) who process data on our behalf under appropriate safeguards.

5. Data Retention

  • Scan results are stored in a local database and retained indefinitely unless manually deleted.
  • Server access logs are retained for up to 30 days.
  • We do not currently offer a self-service mechanism to delete individual scan records. If you need a scan record removed, please contact us.

6. Cookies & Tracking

The Service does not use cookies, tracking pixels, or third-party analytics tools. We do not track your activity across other websites.

7. Security

We take reasonable measures to protect the information we collect, including encrypted connections (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Request access to the information we hold about you.
  • Request correction or deletion of your information.
  • Object to or restrict certain processing of your information.

To exercise any of these rights, please contact us through our contact page.

9. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, please contact us through our contact page.