Http Sec Audit
Audit HTTP security headers for any website. Use when a user asks to check security headers, harden a web server, audit HSTS/CSP/X-Frame-Options compliance,...
22 downloads
Free
Reviewed
HTTP Security Headers Audit
Scan any URL for missing or misconfigured security headers and get an actionable report with grades, fix recommendations, and info-leak detection.
Quick Start
python3 scripts/sec_headers.py https://example.com
Commands
# Single URL audit
python3 scripts/sec_headers.py https://example.com
# Multiple URLs
python3 scripts/sec_headers.py https://example.com https://google.com https://github.com
# JSON output (for programmatic use)
python3 scripts/sec_headers.py https://example.com --json
# Custom timeout
python3 scripts/sec_headers.py https://example.com --timeout 5
What It Checks
Security headers (graded by severity):
Strict-Transport-Security(HSTS) — HIGHContent-Security-Policy(CSP) — HIGHX-Content-Type-Options— MEDIUMX-Frame-Options— MEDIUMReferrer-Policy— MEDIUMPermissions-Policy— MEDIUMX-XSS-Protection— LOWCross-Origin-Opener-Policy(COOP) — LOWCross-Origin-Resource-Policy(CORP) — LOWCross-Origin-Embedder-Policy(COEP) — LOW
Info leak detection:
Serverheader (software version disclosure)X-Powered-By(technology stack leak)X-AspNet-Version(framework version leak)
Grading
| Grade | Score | Meaning |
|---|---|---|
| A | 90–100 | Excellent — all critical headers present |
| B | 75–89 | Good — minor gaps |
| C | 50–74 | Fair — important headers missing |
| D | 25–49 | Poor — significant exposure |
| F | 0–24 | Failing — most headers absent |
Dependencies
pip install requests
Download
ZIP package — ready to use
Skill Info
- Creator
- Johnnywang2001
- Downloads
- 22
- Published
- Mar 15, 2026
- Updated
- Mar 16, 2026