HttpSecurityHeadersChecker
HTTP security headers checker tool written for PHP CLI, plus useful tips for setting HTTP security headers on most web servers (Apache, nginx, IIS, …)
Response Headers
The following is a list of security-related HTTP response headers, as listed by OWASP.
- HTTP Strict Transport Security (HSTS)
- Public Key Pinning Extension for HTTP (HPKP)
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Content-Security-Policy
- X-Permitted-Cross-Domain-Policies
- Referrer-Policy
- Expect-CT
Prerequisites :
To use this tool you need to install PHP CLI. (PHP >=5 is OK)
Installing PHP CLI :
- Linux: PHP CLI comes pre-installed on Linux.
- Windows :
Go to: http://windows.php.net/download
Download the appropriate PHP release.
Follow this tutorial: http://www.php-cli.com/php-cli-tutorial.shtml
git clone https://github.com/Snbig/HttpSecurityHeadersChecker.git
How to use :
- Linux: Fire up a terminal and enter the command below:
php HttpSecurityHeadersChecker.php
- Windows: Open CMD (press Win + R on your keyboard, then type cmd or cmd.exe and press Enter).
- Enter the command below:
php.exe HttpSecurityHeadersChecker.php
- Enter the exact URL of the website:
[*] Enter URL (http/https)://[www.]google.com : https://github.com
- Enter “Y” to follow website redirection or “N” to disable it.
[*] Do you want to follow redirection ? (Y/N) : Y
- If you want to stay anonymous, use a proxy. To set a Socks5, Tor or HTTP proxy, enter 1, 2 or 3.
[*] Do you want to use proxy ? ([0] => No proxy , [1] => Socks5 , [2] => Tor , [3] =>Http) : 2
- Enable Tor on your PC before using Tor as a Socks5 proxy.
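The kind of check described above, as an added example (not the project's own code): it reports which of the listed response headers are present, and when redirection is followed it evaluates only the final response, so a header set on a redirect hop is not counted. The function names, the headers-only input format (one header block per hop, separated by blank lines) and the sample response are assumptions made for this example.

```php
<?php
// Header names from the list above, lower-cased: HTTP header names are case-insensitive.
$SECURITY_HEADERS = [
    'strict-transport-security', 'public-key-pins', 'x-frame-options',
    'x-xss-protection', 'x-content-type-options', 'content-security-policy',
    'x-permitted-cross-domain-policies', 'referrer-policy', 'expect-ct',
];

// With redirects followed, the raw header text (no body) holds one header block
// per hop, separated by blank lines (assumed input format); keep only the last.
function finalResponseHeaders($raw)
{
    $blocks = preg_split('/\r?\n\r?\n/', trim($raw));
    $headers = [];
    foreach (preg_split('/\r?\n/', end($blocks)) as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line such as "HTTP/1.1 200 OK"
        }
        list($name, $value) = explode(':', $line, 2);
        $headers[strtolower(trim($name))][] = trim($value);
    }
    return $headers;
}

function checkSecurityHeaders($raw, array $wanted)
{
    $headers = finalResponseHeaders($raw);
    $report = ['present' => [], 'missing' => []];
    foreach ($wanted as $name) {
        if (isset($headers[$name])) {
            $report['present'][$name] = implode(', ', $headers[$name]);
        } else {
            $report['missing'][] = $name;
        }
    }
    return $report;
}

// Constructed sample: a redirect hop followed by the final response.
$raw = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n"
     . "X-Frame-Options: DENY\r\n\r\n"
     . "HTTP/1.1 200 OK\r\n"
     . "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
     . "x-content-type-options: nosniff\r\n\r\n";

$report = checkSecurityHeaders($raw, $SECURITY_HEADERS);
foreach ($report['present'] as $name => $value) {
    echo "[+] $name: $value\n";
}
echo "[-] missing: " . implode(', ', $report['missing']) . "\n";
```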
Copyright 2019 Snbig(Hamed)
Source: https://github.com/Snbig/