This script can be used to verify the presence of HTTP security headers.
Note that it merely checks the presence of these headers but does not make any judgement on the effectiveness or correctness of the configurations or rules (e.g., CSP rules, pins of HSTS or X-XSS-Protection set to 0).
This code was used to perform the survey published on Wildfire Labs blog.
- Julio Cesar Fort - julio at blazeinfosec dot com
This project is licensed under the Apache License - see the LICENSE file for details