Scores HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Cross-Origin-* + cookie flags. Emits paste-ready config for Netlify, Cloudflare Pages, Cloudflare Workers, Vercel, nginx, Apache, Caddy, AWS CloudFront, and DigitalOcean App Platform.
Fetches the URL and reads upstream response headers. Scores HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, plus Cross-Origin-* and cache directives. Emits a paste-ready _headers block to fix gaps.