
HTTP Security Headers

Analyze HTTP security headers for any URL. Check for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, CORS, and more.
Author: charlie-morrison (source: clawhub)
Category: uncategorized · Version: v1.0.1 (1 version) · Key: not required
Stars: 0 · Downloads: 349 · Installs: 1

Overview

HTTP Security Headers Analyzer

Analyze HTTP response headers for security best practices. Grade websites A-F with actionable recommendations.

Quick Scan (Single URL)

python3 scripts/scan_headers.py <url>

Batch Scan (Multiple URLs)

python3 scripts/scan_headers.py <url1> <url2> <url3>

Output Formats

# Text (default)
python3 scripts/scan_headers.py <url>

# JSON
python3 scripts/scan_headers.py <url> --format json

# Markdown report
python3 scripts/scan_headers.py <url> --format markdown

What It Checks

Security Headers (15 checks)

Header | Impact | Description
-----------------------------
Strict-Transport-Security | Critical | HTTPS enforcement, preload, max-age
Content-Security-Policy | Critical | XSS/injection prevention, directive analysis
X-Frame-Options | High | Clickjacking protection
X-Content-Type-Options | High | MIME sniffing prevention
Referrer-Policy | Medium | Information leakage control
Permissions-Policy | Medium | Browser feature restrictions
X-XSS-Protection | Low | Legacy XSS filter (deprecated but checked)
Cross-Origin-Opener-Policy | Medium | Cross-origin isolation
Cross-Origin-Resource-Policy | Medium | Resource sharing control
Cross-Origin-Embedder-Policy | Medium | Embedding restrictions
Cache-Control | Medium | Sensitive data caching
X-Permitted-Cross-Domain-Policies | Low | Flash/PDF cross-domain
Clear-Site-Data | Info | Logout/session clearing
X-DNS-Prefetch-Control | Low | DNS prefetch control
Content-Type | High | Charset and MIME type

Negative Indicators (penalized)

  • Server header revealing version info
  • X-Powered-By header present
  • X-AspNet-Version or similar tech disclosure

Grading

  • A+ (100): All critical+high headers present with optimal config
  • A (90-99): All critical headers, minor improvements possible
  • B (75-89): Most headers present, some gaps
  • C (60-74): Several missing headers
  • D (40-59): Major security gaps
  • F (<40): Critical headers missing

CI Integration

Exit codes:

  • 0 — Grade A or better
  • 1 — Grade B-C (warnings)
  • 2 — Grade D-F (failures)

Use --min-grade B to set a custom threshold:

python3 scripts/scan_headers.py https://example.com --min-grade B
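The checks, negative indicators, grading bands and exit codes described above, as an added Python illustration (not the skill's own scripts/scan_headers.py): it grades a captured header dict instead of fetching a URL, covers a subset of the 15 headers, and the per-tier weights, the 5-point disclosure penalty and the --min-grade semantics are assumptions of this example, not published details of the skill.

```python
# Weights per impact tier are this example's assumption; the skill's real scoring is not on the page.
WEIGHTS = {"critical": 25, "high": 10, "medium": 5, "low": 2}
PENALTY = 5  # deducted per technology-disclosure indicator

CHECKS = [  # (header, impact tier, predicate that the value is acceptably configured)
    ("strict-transport-security", "critical", lambda v: "max-age=" in v.lower()),
    ("content-security-policy", "critical", lambda v: "default-src" in v.lower()),
    ("x-frame-options", "high", lambda v: v.upper() in ("DENY", "SAMEORIGIN")),
    ("x-content-type-options", "high", lambda v: v.lower() == "nosniff"),
    ("content-type", "high", lambda v: "charset=" in v.lower()),
    ("cache-control", "medium", lambda v: "no-store" in v.lower()),
    ("x-permitted-cross-domain-policies", "low", lambda v: v.lower() == "none"),
    ("x-dns-prefetch-control", "low", lambda v: v.lower() == "off"),
] + [(n, "medium", lambda v: bool(v.strip())) for n in (
    "referrer-policy", "permissions-policy", "cross-origin-opener-policy",
    "cross-origin-resource-policy", "cross-origin-embedder-policy")]
DISCLOSURE = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
GRADES = ((100, "A+"), (90, "A"), (75, "B"), (60, "C"), (40, "D"), (0, "F"))

def letter_grade(score):
    return next(g for floor, g in GRADES if score >= floor)

def grade_headers(headers):
    """Return (score, grade, findings) for one response's header dict."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    max_score = sum(WEIGHTS[i] for _, i, _ in CHECKS)
    earned, findings = 0, []
    for name, impact, ok in CHECKS:
        if name not in h:
            findings.append(f"missing {name} ({impact})")
        elif not ok(h[name]):
            findings.append(f"weak {name}: {h[name]!r}")
        else:
            earned += WEIGHTS[impact]
    score = round(100 * earned / max_score)
    # Negative indicators: a Server header carrying a version number, or X-Powered-By style headers.
    disclosures = [n for n in DISCLOSURE if n in h]
    if any(c.isdigit() for c in h.get("server", "")):
        disclosures.append("server")
    findings += [f"tech disclosure: {n}" for n in disclosures]
    score = max(0, score - PENALTY * len(disclosures))
    return score, letter_grade(score), findings

def exit_code(grade, min_grade="A"):
    """0 if grade meets min_grade (assumed --min-grade semantics), else 1 for B-C, 2 for D-F."""
    order = [g for _, g in GRADES]
    return 0 if order.index(grade) <= order.index(min_grade) else (1 if grade in ("B", "C") else 2)

if __name__ == "__main__":
    # Constructed sample: a server that leaks its stack and sets almost no protective headers.
    print(grade_headers({"Server": "nginx/1.18.0", "X-Powered-By": "PHP/7.4", "Content-Type": "text/html"}))
```

Because it works on a header dict, the same function can grade a response you already hold (for example the headers from an HTTP client library) without a second request.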

Workflow

  1. User provides URL(s) to scan
  2. Run the scan script
  3. Present the grade and findings
  4. Highlight critical missing headers first
  5. Provide specific fix recommendations (Nginx, Apache, Cloudflare snippets)

Version history

1 version in total

  • v1.0.1 (current)
    2026-05-07 09:02, security check: safe

Security scan

Tencent Cloud Security (Keen): safe, no risk

Tencent Cloud Security (Sanbu): safe, no risk
