HeaderCheck is a Python script that checks the security settings of various headers returned by web servers.
The following headers are checked:
- X-XSS-Protection
- X-Content-Type-Options
- X-Frame-Options
- Cache-Control
- Content-Security-Policy
- WebKit-X-CSP
- X-Content-Security-Policy
- Strict-Transport-Security
- Access-Control-Allow-Origin
- Origin
Each header is assessed against good-practice settings and is also displayed for manual checking.
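To illustrate what this kind of assessment involves, here is an added example that is not HeaderCheck's own code. The rule values (for instance the 180-day HSTS threshold and no-store for Cache-Control), the status names and the sample headers are assumptions made for this sketch.

```python
import re

def _hsts_ok(value):
    # Assumed threshold: max-age of at least 180 days (15552000 seconds).
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
    return m is not None and int(m.group(1)) >= 15552000

# header (lowercase) -> (check function, whether absence counts as a finding).
# All rule values are assumptions for this sketch, not HeaderCheck's rules.
RULES = {
    "x-xss-protection": (lambda v: v.replace(" ", "").lower() in ("0", "1;mode=block"), True),
    "x-content-type-options": (lambda v: v.strip().lower() == "nosniff", True),
    "x-frame-options": (lambda v: v.strip().lower() in ("deny", "sameorigin"), True),
    "cache-control": (lambda v: "no-store" in v.lower(), True),
    "content-security-policy": (lambda v: "default-src" in v.lower() and "unsafe-inline" not in v.lower(), True),
    "strict-transport-security": (_hsts_ok, True),
    "access-control-allow-origin": (lambda v: v.strip() != "*", False),
}
# Shown for manual review only (legacy CSP variants and Origin, as named on the page).
MANUAL = ("webkit-x-csp", "x-content-security-policy", "origin")

def assess(headers):
    """Return {header: (status, value)}; status is ok, weak, missing, absent or manual."""
    seen = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    report = {}
    for name, (check, required) in RULES.items():
        if name not in seen:
            report[name] = ("missing" if required else "absent", None)
        else:
            report[name] = ("ok" if check(seen[name]) else "weak", seen[name])
    for name in MANUAL:
        if name in seen:
            report[name] = ("manual", seen[name])
    return report

# Constructed sample response headers (not captured from any real site).
SAMPLE = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=300",
    "Access-Control-Allow-Origin": "*",
    "Cache-Control": "no-store, max-age=0",
    "X-Content-Security-Policy": "allow 'self'",
}

if __name__ == "__main__":
    for header, (status, value) in assess(SAMPLE).items():
        print(f"{status:8} {header}: {value}")
```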
Installation
HeaderCheck is a standalone Python script, so installation consists of decompressing the download and moving the script to the desired location.
Usage
HeaderCheck can be run in the following form:
$ python HeaderCheck.py [targeturl] [subdirectory]
For example:
$ python HeaderCheck.py www.google.com /
$ python HeaderCheck.py www.bbc.co.uk /news
Please note the space between the domain and the subdirectory.