Security Headers Checker
Paste response headers, for example the output of `curl -I https://example.com`, and get a readable security report.
audit --headers --paste
local analysis / no remote fetch
Headers to review
HSTS reduces the risk of a downgrade to HTTP when HTTPS is configured correctly.
CSP limits the origins from which the browser can load scripts, frames, images and other resources.
Referrer-Policy and Permissions-Policy reduce data exposure and unnecessary browser surfaces.
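A minimal local check of pasted `curl -I` output for the four headers listed above. This is an added example, not this tool's own code; the function names, the verdict strings and the sample input are assumptions made for illustration.

```javascript
const REVIEWED = ["strict-transport-security", "content-security-policy",
                  "referrer-policy", "permissions-policy"];

// Parse pasted `curl -I` output into a Map of lowercased name -> value.
function parseHeaders(text) {
  const headers = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = /^([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*(.*?)[ \t]*$/.exec(line);
    if (!m) continue; // status line ("HTTP/2 200") and blank lines have no field name
    const name = m[1].toLowerCase();
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${m[2]}` : m[2]);
  }
  return headers;
}

// Return one verdict string per reviewed header (verdict wording is this example's own).
function auditHeaders(text) {
  const h = parseHeaders(text);
  const report = {};
  for (const name of REVIEWED) report[name] = h.has(name) ? "ok" : "missing";
  const hsts = h.get("strict-transport-security");
  if (hsts !== undefined) {
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
    if (!m) report["strict-transport-security"] = "invalid: no max-age";
    else if (Number(m[1]) === 0) report["strict-transport-security"] = "disabled: max-age=0";
  }
  const csp = h.get("content-security-policy");
  if (csp === undefined && h.has("content-security-policy-report-only")) {
    report["content-security-policy"] = "report-only: not enforced";
  } else if (csp !== undefined) {
    const dirs = csp.split(";").map((d) => d.trim().split(/\s+/));
    const find = (n) => dirs.find((d) => d[0].toLowerCase() === n);
    const src = find("script-src") || find("default-src"); // script-src falls back to default-src
    const pinned = src && src.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
    if (!src) report["content-security-policy"] = "weak: scripts unrestricted";
    else if (src.includes("'unsafe-inline'") && !pinned) // nonces/hashes override 'unsafe-inline'
      report["content-security-policy"] = "weak: inline scripts allowed";
  }
  // Last listed value is checked here; browsers use the last value they recognise.
  const ref = (h.get("referrer-policy") || "").toLowerCase().split(",").map((s) => s.trim());
  if (ref.filter(Boolean).pop() === "unsafe-url") report["referrer-policy"] = "weak: unsafe-url";
  return report;
}

// Constructed sample input, not taken from a real site.
const SAMPLE = ["HTTP/2 200", "content-type: text/html", "Strict-Transport-Security: max-age=0",
  "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'",
  "Referrer-Policy: no-referrer, unsafe-url", ""].join("\r\n");
console.log(auditHeaders(SAMPLE));
```

A header that is present is not necessarily effective: the sample carries HSTS and CSP headers, yet both are flagged because `max-age=0` clears the HSTS entry and `'unsafe-inline'` without a nonce or hash permits inline scripts.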