🛡️ Companies missing security headers

These domains are missing critical HTTP security headers like Content-Security-Policy, X-Frame-Options, or Strict-Transport-Security.

Companies affected: 1597
Total scanned: 2378
Prevalence: 67%

| Domain | Score | Tier | Missing Headers |
|--------|-------|------|-----------------|
| | 42/100 | Fail | CSP, X-Content-Type-Options, X-Frame-Options |
| | 42/100 | Fail | CSP, X-Content-Type-Options, X-Frame-Options |
| | 42/100 | Fail | CSP, X-Content-Type-Options, X-Frame-Options |
| | 42/100 | Fail | CSP, X-Content-Type-Options, X-Frame-Options |
| | 45/100 | Fail | CSP, X-Content-Type-Options, X-Frame-Options |

+1592 more companies
This dataset is available on request. Leave your work email and we'll send you the full list within 24 hours.

Which companies are missing HTTP security headers?

HTTP security headers instruct browsers to enforce protections against cross-site scripting (XSS), clickjacking, MIME sniffing, and other common web attacks. Key headers include Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security (HSTS), and Permissions-Policy. The domains listed on this page were found by LynxRadar to be missing one or more critical security headers.

LynxRadar scanned 2378 domains including Fortune 500 companies and Y Combinator startups. Of those, 1597 (67%) were found to have this security gap. The data above is updated continuously as new domains are scanned. Scan any domain to check its status.

Frequently Asked Questions

What are the most important security headers?

The five most critical HTTP security headers are: Content-Security-Policy (prevents XSS), Strict-Transport-Security (enforces HTTPS), X-Frame-Options (prevents clickjacking), X-Content-Type-Options (prevents MIME sniffing), and Permissions-Policy (restricts browser features).

How many companies are missing security headers?

In LynxRadar's scan of 2378 domains, 1597 (67%) were found missing one or more recommended HTTP security headers.