Website triage

Security headers triage

Security-header checks are useful launch signals, but they are not a full security audit. Results can vary by URL, redirect path, CDN, environment, and deployment timing.

Details

What to know

1. Check status and redirects first

A missing or unexpected header can belong to a redirect response instead of the final page. Confirm status and redirect chain before interpreting header findings.

2. Headers are policy signals

Security headers such as HSTS, CSP, X-Frame-Options, content-type, and referrer policy describe browser-facing behavior. They do not prove the application is vulnerability-free.

3. SSL and DNS are adjacent checks

Certificate, host, DNS, and IP signals help explain why a site behaves differently across environments. Run them as supporting checks, not substitutes for application review.

4. Document findings as triage

Use Convurter reports to route issues to hosting, DNS, CDN, app, or security owners. Treat the report as a point-in-time diagnostic, not a compliance artifact.
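
One way to attribute header findings to the response that actually sent them, so a gap on a redirect hop is not read as a gap on the final page. This is an added example, not Convurter's code; the sample chain is constructed, and the header names and the `triage` function are assumptions chosen to match the header families named above.

```python
from urllib.parse import urlsplit

# Constructed sample, not real scan output: one (status, url, headers) tuple per
# response, recorded by a client that follows redirects one hop at a time.
SAMPLE_CHAIN = [
    (301, "http://example.test/", {"Location": "https://example.test/"}),
    (302, "https://example.test/", {
        "Location": "https://www.example.test/",
        "Strict-Transport-Security": "max-age=31536000",
    }),
    (200, "https://www.example.test/", {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "strict-origin-when-cross-origin",
    }),
]

# Assumption: response headers standing in for the families the page names.
HSTS = "Strict-Transport-Security"
DOCUMENT_HEADERS = ("Content-Security-Policy", "X-Frame-Options",
                    "X-Content-Type-Options", "Referrer-Policy")


def triage(chain):
    """Return findings as (hop, url, header, note), attributed per response."""
    if not chain:
        return [(0, "", "", "no responses recorded")]
    findings, seen = [], {}  # seen: lower-cased header name -> first hop with it
    for hop, (status, url, headers) in enumerate(chain, start=1):
        have = {name.lower() for name in headers}
        is_final = hop == len(chain)
        where = "final page" if is_final else "redirect hop"
        if is_final and not 200 <= status < 300:
            findings.append((hop, url, "", f"final status {status}: headers "
                             "describe a redirect or error, not the page"))
        # HSTS is only honoured over HTTPS, so check it on every HTTPS hop.
        wanted = [HSTS] if urlsplit(url).scheme == "https" else []
        if is_final:
            wanted += DOCUMENT_HEADERS  # policies for the rendered document
        for name in wanted:
            if name.lower() not in have:
                earlier = seen.get(name.lower())
                extra = f" (seen on hop {earlier})" if earlier else ""
                findings.append((hop, url, name, f"missing on {where}{extra}"))
        for name in have:
            seen.setdefault(name, hop)
    return findings
```

On the sample chain, HSTS is reported as missing on the final `www` host even though the apex redirect sent it, which is the kind of finding to route to the CDN or hosting owner.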
