HTTP Header Analyzer

Analyze HTTP security headers and TLS configuration. Find missing headers, weak ciphers, and misconfigurations in web applications.
hostilespider · Source
Uncategorized · clawhub · v1.0.0 · 1 version · 100000 · Key: not required
Stars: 0 · Downloads: 283 · Installs: 0 · Versions: 1 · #latest

Overview

HTTP Header Analyzer

Check HTTP security headers and TLS configuration. Find missing protections and misconfigurations.

Quick Start

# Analyze a single URL
python3 {baseDir}/scripts/analyze-headers.py https://example.com

# Check multiple targets
python3 {baseDir}/scripts/analyze-headers.py -f urls.txt

# JSON output
python3 {baseDir}/scripts/analyze-headers.py https://example.com --json

Headers Checked

| Header | Purpose | Risk if Missing |
|---|---|---|
| Strict-Transport-Security | Forces HTTPS | Medium |
| Content-Security-Policy | XSS protection | Medium-High |
| X-Frame-Options | Clickjacking protection | Medium |
| X-Content-Type-Options | MIME sniffing protection | Low |
| X-XSS-Protection | XSS filter (legacy) | Low |
| Referrer-Policy | Controls referrer leakage | Low |
| Permissions-Policy | Feature restrictions | Low |
| Cross-Origin-Opener-Policy | Cross-origin isolation | Low |
| Cross-Origin-Embedder-Policy | Cross-origin isolation | Low |
| Cross-Origin-Resource-Policy | Cross-origin protection | Low |

Options

  • URL — Target URL(s) to analyze
  • -f FILE — File with URLs (one per line)
  • --json — JSON output
  • --follow — Follow redirects (default: yes)
  • --timeout SECS — Request timeout (default: 10)
  • --user-agent UA — Custom User-Agent
  • --check-tls — Also check TLS certificate info
  • --severity LEVEL — Minimum severity to report: low, medium, high

Output

=== https://example.com ===
✅ Strict-Transport-Security: max-age=31536000; includeSubDomains
✅ Content-Security-Policy: default-src 'self'
❌ X-Frame-Options: MISSING (clickjacking risk)
✅ X-Content-Type-Options: nosniff
❌ Referrer-Policy: MISSING
⚠️  Server: nginx/1.18.0 (version exposed)

Score: 3/6 security headers present
Risk: MEDIUM
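
An added example, not the skill's own `analyze-headers.py`: a presence check against the "Headers Checked" table with a minimum-severity filter, run over constructed response headers. The name `audit_headers`, the mapping of "Medium-High" to high, and the `nosniff` value check are assumptions of this example.

```python
import re

# Risk levels copied from the "Headers Checked" table; "Medium-High" is
# treated as high here (an assumption made for this example).
RISK_IF_MISSING = {
    "Strict-Transport-Security": "medium",
    "Content-Security-Policy": "high",
    "X-Frame-Options": "medium",
    "X-Content-Type-Options": "low",
    "X-XSS-Protection": "low",
    "Referrer-Policy": "low",
    "Permissions-Policy": "low",
    "Cross-Origin-Opener-Policy": "low",
    "Cross-Origin-Embedder-Policy": "low",
    "Cross-Origin-Resource-Policy": "low",
}
RANK = {"low": 0, "medium": 1, "high": 2}


def audit_headers(headers, min_severity="low"):
    """Return missing headers at or above min_severity, warnings and a score."""
    # HTTP header names are case-insensitive, so compare in lower case.
    seen = {name.lower(): value.strip() for name, value in headers.items()}
    present = [h for h in RISK_IF_MISSING if h.lower() in seen]
    missing = [(h, risk) for h, risk in RISK_IF_MISSING.items()
               if h.lower() not in seen and RANK[risk] >= RANK[min_severity]]
    warnings = []
    # A product/version token such as "nginx/1.18.0" discloses the version.
    server = seen.get("server", "")
    if re.search(r"/\d", server):
        warnings.append(f"Server: {server} (version exposed)")
    # Present but ineffective: "nosniff" is the only valid value.
    xcto = seen.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        warnings.append(f"X-Content-Type-Options: {xcto} (expected nosniff)")
    return {"present": present, "missing": missing, "warnings": warnings,
            "score": f"{len(present)}/{len(RISK_IF_MISSING)}"}


# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "Server": "nginx/1.18.0",
}

if __name__ == "__main__":
    print(audit_headers(SAMPLE, min_severity="medium"))
```

The score here counts all ten headers in the table, so it will not match the denominator in the sample output above.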

Version History

1 version in total

  • v1.0.0 (current)
    2026-05-07 17:40 Safe Safe

Security Scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
