Security Check
Security headers checked across your whole site.
Rocket Vitals audits your SSL certificate, CSP, HSTS, cookie flags, mixed content, and 30+ other security signals — then prioritises what to fix first.
SSL monitoring
Expiry & validity
Header coverage
30+ security headers
Cookie audit
Secure, HttpOnly, SameSite
Mixed content
HTTP on HTTPS pages
What we check
The security issues that matter most for web properties.
SSL certificate status
Checks whether your certificate is valid, expired, or expiring within 7 or 30 days — before visitors see a browser warning.
HTTPS enforcement
Verifies that HTTP traffic redirects to HTTPS and that the redirect target is correct. Flags mixed content on HTTPS pages.
Content-Security-Policy
Detects missing CSP headers and dangerous directives: unsafe-inline, unsafe-eval, and wildcard (*) sources.
HSTS header
Flags sites missing Strict-Transport-Security, which tells browsers to only connect over HTTPS — preventing downgrade attacks.
Clickjacking protection
Checks for X-Frame-Options and CSP frame-ancestors to prevent your pages being embedded in malicious iframes.
Cookie security flags
Inspects every cookie for missing Secure, HttpOnly, and SameSite attributes that expose sessions to attack.
Subresource Integrity
Flags external scripts loaded without integrity hashes — a supply-chain risk if the CDN or third party is compromised.
Additional security headers
Checks X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and cross-origin isolation headers (COEP, COOP, CORP).
Rocket Vitals by Rocket Park
Know your security posture before a client asks.
Enter any URL to get a full security audit — certificate status, headers, cookie flags, and mixed-content issues, all prioritised by severity.