What we verify

Browser security headers

Security headers are instructions your website gives every visitor's browser: always use encryption, never allow this site to be framed by attackers, never execute injected content. They cost nothing to add and block entire categories of attack.

TrustedOrigin checks the five headers that matter most on every cycle and grades them into a score, giving security-conscious visitors real evidence of how seriously a site takes their safety.

5 headers
graded per cycle
2x/week
check frequency
0-10
visible trust score

What this check covers

Strict-Transport-Security

HSTS tells browsers to only ever connect over encrypted HTTPS, protecting visitors from downgrade attacks on public networks.

Content-Security-Policy

CSP restricts where scripts and content may load from, the strongest single defence against injected malicious code.

X-Frame-Options

Stops other sites from invisibly framing your pages, the basis of clickjacking attacks that trick visitors into unintended actions.

Content-type and referrer protection

X-Content-Type-Options prevents browsers from misinterpreting files as code, and Referrer-Policy keeps visitor browsing details from leaking to third parties.

What your visitors see

The verification panel shows a "Security Headers" certification listing each header as configured or not set, with an overall score out of ten.

Every result carries a date, so visitors can see the check is recent, and if a serious issue is ever found the badge is removed automatically until it is resolved.

Ready to earn your badge?

One script tag, one plan, every check included. Live on your site in minutes.

Get your badge See all checks