Simple Security Headers
Simple tool for checking HTTP headers, cookies and technology
Security HTTP headers checked
- Content-Security-Policy (CSP)
- Feature-Policy
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
- Referrer-Policy
Cookie attributes checked
- Expires
- HttpOnly
- Secure
- Path=/
Basic technology identification
Performs a basic technology identification using the apps.json file from Wappalyzer.
Usage
usage: simple-security-headers.py [-h] -u URL [--verify] [--verbose]
This basic tool is inspired by CrossHead project from alvarodh5 and Cristian Barrientos. Definitions are from securityheaders.com