A lightweight tool for evaluating the security posture of websites by inspecting HTTP response headers.
- security1st/ - Core package
- scanner/ - Security check modules
- report/ - Report generation
- utils/ - Shared utilities (scoring, assessment)
- run.py - Entry point (CLI and Web UI)
```bash
# CLI mode
python run.py
# Web UI mode (Flask, port 5001)
python run.py --web
```

Checks 8 security headers across three categories:
- Critical: Strict-Transport-Security, Content-Security-Policy, X-Frame-Options
- Recommended: X-Content-Type-Options, Referrer-Policy
- Modern: Permissions-Policy, Cross-Origin-Opener-Policy
- Legacy: X-XSS-Protection

Results are scored with weighted assessment and ranked S through D.
- Terminal display with score summary and prioritized recommendations
- JSON report (security_report.json)
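
The weighted scoring and S-to-D ranking described above, sketched as an added example that is not the project's own code. The category weights, grade cut-offs, per-header value checks and the `assess` function are assumptions, and the sample headers are constructed.

```python
import re

# Category weights and grade cut-offs are assumptions for this example, not the tool's values.
WEIGHTS = {"Critical": 3, "Recommended": 2, "Modern": 2, "Legacy": 1}
GRADES = [(90, "S"), (75, "A"), (60, "B"), (40, "C"), (0, "D")]

def _hsts_ok(v):
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)  # max-age=0 clears HSTS, so require > 0
    return bool(m) and int(m.group(1)) > 0

CHECKS = {  # header -> (category, validator for the header value)
    "Strict-Transport-Security": ("Critical", _hsts_ok),
    "Content-Security-Policy": ("Critical", lambda v: bool(v.strip())),
    "X-Frame-Options": ("Critical", lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN")),
    "X-Content-Type-Options": ("Recommended", lambda v: v.strip().lower() == "nosniff"),
    "Referrer-Policy": ("Recommended", lambda v: v.strip().lower() not in ("", "unsafe-url")),
    "Permissions-Policy": ("Modern", lambda v: bool(v.strip())),
    "Cross-Origin-Opener-Policy": ("Modern", lambda v: v.strip().lower() in ("same-origin", "same-origin-allow-popups")),
    "X-XSS-Protection": ("Legacy", lambda v: bool(v.strip())),
}

def assess(headers):
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    earned, total, findings = 0, 0, []
    for name, (category, valid) in CHECKS.items():
        weight = WEIGHTS[category]
        total += weight
        value = got.get(name.lower())
        if value is None:
            findings.append((weight, category, name, "missing"))
        elif not valid(value):
            findings.append((weight, category, name, "weak value: " + value))
        else:
            earned += weight
    score = round(100 * earned / total)
    grade = next(g for floor, g in GRADES if score >= floor)
    findings.sort(key=lambda f: -f[0])  # highest-weight gaps first
    return score, grade, findings

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "strict-transport-security": "max-age=0",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A header that is present but carries a weak value (here `max-age=0`) earns no points, which a presence-only check would miss.
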
- Python 3.x
- requests for HTTP inspection
- Flask for Web UI
- Follow the Research, Strategy, Execution cycle.
- Add tests when introducing new scanner modules.
- Verify changes locally before deploying.
- Use this tool only against authorized targets.
- Local file scanning
- More advanced assessment methods
- Diagnostics beyond HTTP headers
