Nuclear Grade HTTP Security Headers Scanner
Passive analyzer for modern web security headers with strict validation
by MR.Thugh • 2026 Edition
HeaderGuard is a fast, passive Bash tool that scans HTTP response headers and checks for the presence and strength of critical security protections:
- Strict-Transport-Security (HSTS)
- Content-Security-Policy (CSP)
- Permissions-Policy
- X-Content-Type-Options
- X-Frame-Options
- Referrer-Policy
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Resource-Policy (CORP)
- Cross-Origin-Embedder-Policy (COEP)
- Very strict regex validation + detection of weak/misconfigured values
- Cyberpunk-style colorful output with big MR.Thugh banner
- JSON output support (perfect for scripts, CI/CD, monitoring)
- Detects information leaks (Server, X-Powered-By, etc.)
- Supports --insecure (skip SSL verification), --json, --verbose
- Nuclear-grade rating system (NUCLEAR / GODMODE / ELITE / PRO / VULNERABLE)
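What "detection of weak/misconfigured values" amounts to for four of the headers listed above, as an added example that is not HeaderGuard's own code. The function names, the one-year HSTS threshold, the CSP weak-value rules and the sample response are assumptions of this example.

```shell
# Added example, not HeaderGuard's code. Grading thresholds are assumptions.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
# Print the value of header $1 found in raw header block $2 (case-insensitive).
header_value() {
  printf '%s\n' "$2" | tr -d '\r' | awk -v n="$(lower "$1")" '
    { i = index($0, ":") }
    i && tolower(substr($0, 1, i - 1)) == n {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit }'
}
grade_hsts() {  # ok = max-age of at least one year plus includeSubDomains
  v=$(lower "$1"); [ -n "$v" ] || { echo missing; return; }
  age=$(printf '%s\n' "$v" | sed -n 's/.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p')
  case "$v" in *includesubdomains*) sub=1 ;; *) sub=0 ;; esac
  if [ -n "$age" ] && [ "$age" -ge 31536000 ] && [ "$sub" -eq 1 ]; then echo ok; else echo weak; fi
}
grade_csp() {   # weak = unsafe-inline, unsafe-eval, or a bare * source
  v=$(lower "$1"); [ -n "$v" ] || { echo missing; return; }
  case " $v " in
    *"'unsafe-inline'"*|*"'unsafe-eval'"*|*" * "*|*" *;"*) echo weak ;;
    *) echo ok ;;
  esac
}
# Exact-value headers: anything else (including obsolete ALLOW-FROM) grades weak.
grade_xcto() { case "$(lower "$1")" in "") echo missing ;; nosniff) echo ok ;; *) echo weak ;; esac; }
grade_xfo() { case "$(lower "$1")" in "") echo missing ;; deny|sameorigin) echo ok ;; *) echo weak ;; esac; }
report() {      # one NAME=grade line per header, then leak findings
  for h in Strict-Transport-Security Content-Security-Policy X-Content-Type-Options X-Frame-Options; do
    val=$(header_value "$h" "$1")
    case $h in
      Strict-*)    g=$(grade_hsts "$val") ;;
      Content-*)   g=$(grade_csp "$val") ;;
      X-Content-*) g=$(grade_xcto "$val") ;;
      X-Frame-*)   g=$(grade_xfo "$val") ;;
    esac
    printf '%s=%s\n' "$h" "$g"
  done
  # A Server value carrying a version number, or any X-Powered-By, counts as a leak.
  case "$(header_value Server "$1")" in *[0-9]*) echo "Server=leak" ;; esac
  [ -z "$(header_value X-Powered-By "$1")" ] || echo "X-Powered-By=leak"
}
# Constructed sample response headers (not captured from a real site).
SAMPLE=$(cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx/1.24.0
strict-transport-security: max-age=86400
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Type-Options: nosniff
X-Powered-By: PHP/8.2
EOF
)
report "$SAMPLE"
```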
git clone https://github.com/MRThugh/HeaderGuard.git
cd HeaderGuard
chmod +x headerguard.sh
# Optional: make it global or shorter
sudo ln -s "$(pwd)/headerguard.sh" /usr/local/bin/hg