HttpSecurityHeadersChecker

An HTTP security headers checker tool written for PHP CLI, plus useful tips for setting HTTP security headers on the most common web servers (Apache, nginx, IIS, ...).

Response Headers

The following is a list of security-related HTTP response headers, as listed by OWASP.

  • HTTP Strict Transport Security (HSTS)
  • Public Key Pinning Extension for HTTP (HPKP)
  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Content-Security-Policy
  • X-Permitted-Cross-Domain-Policies
  • Referrer-Policy
  • Expect-CT

Prerequisites:

To use this tool you need to install PHP CLI (PHP >= 5 is OK).

Installing PHP CLI:

How to use:

  • Linux: Open a terminal and enter the command below:
    php HttpSecurityHeadersChecker.php
  • Windows: Open CMD (press Win + R, type cmd or cmd.exe, and press Enter).
  • Enter the command below:
    php.exe HttpSecurityHeadersChecker.php
  • Enter the exact URL of the website:
    [*] Enter URL (http/https)://[www.]google.com : https://github.com
  • Enter "Y" to follow website redirects or "N" to disable this.
    [*] Do you want to follow redirection ? (Y/N) : Y
  • If you want to keep your anonymity, use a proxy. To set a Socks5/Tor/HTTP proxy, enter 1, 2 or 3.
    [*] Do you want to use proxy ? ([0] => No proxy , [1] => Socks5 , [2] => Tor , [3] =>Http) : 2
  • Enable Tor on your PC before using Tor as a Socks5 proxy.

Tip:

  • Use the exact target URL.
    www.google.com is not the same as google.com.
    Likewise, https is not the same as http, and the two give different results.
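
The header list and the tip above, as an added example (not part of HttpSecurityHeadersChecker's own code): it parses the header blocks recorded for each hop of a redirect chain and reports which of the listed headers each response lacks, which shows why the http and https forms of a URL give different results. The host example.test, the sample responses and the function names parseHops and missingHeaders are constructed for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added example; not the project's code. Requires PHP 7+.
// Header field names for the nine entries in the README's list.
const SECURITY_HEADERS = [
    'Strict-Transport-Security', 'Public-Key-Pins', 'X-Frame-Options',
    'X-XSS-Protection', 'X-Content-Type-Options', 'Content-Security-Policy',
    'X-Permitted-Cross-Domain-Policies', 'Referrer-Policy', 'Expect-CT',
];

// Split raw header text into one entry per response (one per redirect hop).
function parseHops(string $raw): array
{
    $hops = [];
    foreach (preg_split('/\r?\n\r?\n/', trim($raw)) as $block) {
        $lines = preg_split('/\r?\n/', $block);
        $hop = ['status' => array_shift($lines), 'headers' => []];
        foreach ($lines as $line) {
            if (strpos($line, ':') === false) {
                continue; // not a "name: value" field line
            }
            list($name, $value) = explode(':', $line, 2);
            // Field names are case-insensitive; repeated fields keep all values.
            $hop['headers'][strtolower(trim($name))][] = trim($value);
        }
        $hops[] = $hop;
    }
    return $hops;
}

// Names from SECURITY_HEADERS that the given response does not send.
function missingHeaders(array $hop): array
{
    return array_values(array_filter(SECURITY_HEADERS, function ($name) use ($hop) {
        return !isset($hop['headers'][strtolower($name)]);
    }));
}

// Constructed sample: http://example.test/ redirecting to https://example.test/.
$raw = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n"
     . "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=31536000\r\n"
     . "X-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\n"
     . "Content-Security-Policy: default-src 'self'\r\n\r\n";

foreach (parseHops($raw) as $i => $hop) {
    $missing = missingHeaders($hop);
    printf("hop %d: %s\n  missing %d of %d: %s\n", $i + 1, $hop['status'],
        count($missing), count(SECURITY_HEADERS), implode(', ', $missing) ?: 'none');
}
```

With redirects followed, the verdict that matters is the one for the final hop; with redirects disabled, only the first response is seen, so the same site can look very different depending on the URL and the redirect setting.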

Author

  • Hamed - Initial work - Hamed

License

This project is licensed under the Apache License 2.0 - see the LICENSE.md file for details.