Analyze and score website security headers with remediation suggestions.
Features:
- Header Analysis: CSP, HSTS, X-Frame-Options, etc.
- Security Scoring: Grade websites A-F
- Remediation Guide: Fix security issues
- Batch Scanning: Scan multiple domains
- Historical Tracking: Monitor improvements
- CI/CD Ready: Automated scanning

Headers analyzed:
- Content-Security-Policy (CSP)
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- X-XSS-Protection
- Cross-Origin-Embedder-Policy (COEP)
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Resource-Policy (CORP)

Built with:
- TypeScript/Node.js
- axios
- CSP Parser
- CLI with commander
npm install -g security-headers-analyzer
sec-headers check https://example.com
sec-headers batch --file domains.txt
sec-headers monitor --url https://example.com --schedule daily

Example output:
Security Headers Analysis
━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Domain: example.com
Overall Grade: B+
✓ HSTS: Enabled (max-age=31536000)
✗ CSP: Missing - CRITICAL
✓ X-Frame-Options: DENY
✓ X-Content-Type-Options: nosniff
⚠ Referrer-Policy: Not set - WARNING
Recommendations:
1. Add Content-Security-Policy header
2. Set Referrer-Policy to strict-origin-when-cross-origin
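
The per-header checks behind a report like the sample above can be sketched as follows. This is an added example, not the analyzer's own code: the rules, severity levels and the names `analyzeHeaders`, `hstsMaxAge`, `recommendations` and `sample` are assumptions, and it does not compute the letter grade.

```typescript
// Added example: hypothetical rules and severities, not the tool's own.
type Severity = "ok" | "warning" | "critical";
interface Finding { header: string; severity: Severity; detail: string; fix: string | null }

// Extract max-age (seconds) from a Strict-Transport-Security value.
function hstsMaxAge(value: string): number | null {
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(value);
  return m ? Number(m[1]) : null;
}

function analyzeHeaders(raw: Record<string, string>): Finding[] {
  // Header names are case-insensitive: normalise before lookup.
  const h: Record<string, string | undefined> = Object.create(null);
  for (const k of Object.keys(raw)) h[k.toLowerCase()] = String(raw[k]).trim();
  const out: Finding[] = [];
  const add = (header: string, severity: Severity, detail: string, fix: string | null = null) =>
    out.push({ header, severity, detail, fix });

  const age = hstsMaxAge(h["strict-transport-security"] ?? "");
  if (age === null) add("HSTS", "critical", "Missing or no max-age", "Add Strict-Transport-Security header");
  else if (age === 0) add("HSTS", "critical", "max-age=0 clears HSTS", "Use a non-zero max-age");
  else add("HSTS", "ok", `Enabled (max-age=${age})`);

  // A Report-Only policy is reported on but never enforced by the browser.
  if ("content-security-policy" in h) add("CSP", "ok", "Present");
  else if ("content-security-policy-report-only" in h)
    add("CSP", "warning", "Report-Only only", "Add an enforcing Content-Security-Policy header");
  else add("CSP", "critical", "Missing", "Add Content-Security-Policy header");

  const xfo = (h["x-frame-options"] ?? "").toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") add("X-Frame-Options", "ok", xfo);
  else add("X-Frame-Options", "warning", xfo || "Not set", "Set X-Frame-Options to DENY or SAMEORIGIN");

  const xcto = (h["x-content-type-options"] ?? "").toLowerCase();
  if (xcto === "nosniff") add("X-Content-Type-Options", "ok", xcto);
  else add("X-Content-Type-Options", "warning", xcto || "Not set", "Set X-Content-Type-Options to nosniff");

  const rp = (h["referrer-policy"] ?? "").toLowerCase();
  const rpFix = "Set Referrer-Policy to strict-origin-when-cross-origin";
  if (!rp) add("Referrer-Policy", "warning", "Not set", rpFix);
  else if (rp === "unsafe-url") add("Referrer-Policy", "warning", "Sends full URL cross-origin", rpFix);
  else add("Referrer-Policy", "ok", rp);
  return out;
}

// Ordered remediation list, one entry per non-ok finding.
const recommendations = (fs: Finding[]) => fs.filter(f => f.fix !== null).map(f => String(f.fix));

// Constructed sample: the header set implied by the example output above.
const sample = { "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "x-frame-options": "deny", "X-Content-Type-Options": "nosniff" };
```

`recommendations(analyzeHeaders(sample))` yields the same two remediation items as the sample report.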

License: MIT