Skip to content

nicoSWD/headsec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits

app

app

 
 

bin

bin

 
 

build

build

 
 

screenshots

screenshots

 
 

src

src

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.scrutinizer.yml

.scrutinizer.yml

 
 

.travis.yml

.travis.yml

 
 

LICENSE.md

LICENSE.md

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

composer.json

composer.json

 
 

install.sh

install.sh

 
 

phpunit.xml.dist

phpunit.xml.dist

 
 

Repository files navigation

headsec (β)

Build Status Scrutinizer Code Quality

Test a site's HTTP headers for possible security issues. This is a little like Scott Helme's SecurityHeaders.com, but it can be run locally on your machine or CI

screenshot

Basic usage

This will analise the headers returned by the supplied URL and print the results. By default, non-security headers are omitted in the output, but can be printed as well by passing the --show-all-headers flag (or -a)

$ headsec google.com

By default it'll follow redirects and only print the results of the last URL. To stop following redirects, pass the --ignore-redirects flag (or -r)

$ headsec google.com --ignore-redirects

Advanced usage

If you're trying to test an URL that requires authentication, a POST request, or anything of the like, you can use curl and pipe the result to headsec

$ curl https://yahoo.com/ --head -sS | headsec

Installation

$ curl https://raw.githubusercontent.com/nicoSWD/headsec/master/install.sh -sS | sh

Build from source

Build

$ make

Test

$ make test

Install

$ make install

About

Check a site's security headers

Topics

http security security-audit security-tools header-parser securityheaders

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages