Simple tool for checking HTTP headers, cookies and technology
- Content-Security-Policy (CSP)
- Feature-Policy
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
- Referrer-Policy
- Expires
- HttpOnly
- Secure
- Path=/
Performs basic technology identification using the apps.json file from Wappalyzer.
usage: simple-security-headers.py [-h] -u URL [--verify] [--verbose]
This basic tool is inspired by the CrossHead project by alvarodh5 and Cristian Barrientos. Definitions are from securityheaders.com.
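The checks listed above, as an added example that is not code from simple-security-headers.py: it parses a constructed header block offline, reports which of the listed headers are absent, and shows which of the listed cookie attributes each Set-Cookie line carries. The function names and the sample response are assumptions made for illustration.

```python
from email.parser import Parser

# Response headers named in the list above.
SECURITY_HEADERS = [
    "Content-Security-Policy", "Feature-Policy", "Strict-Transport-Security",
    "X-Frame-Options", "X-Content-Type-Options", "X-XSS-Protection",
    "Referrer-Policy",
]

# Constructed sample response headers (not captured from a real site).
SAMPLE = (
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: DENY\r\n"
    "x-content-type-options: nosniff\r\n"
    "Set-Cookie: sid=abc123; Path=/; HttpOnly; Secure\r\n"
    "Set-Cookie: lang=en; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/app\r\n"
)

def parse_headers(raw):
    """Parse a raw header block; lookups on the result are case-insensitive."""
    return Parser().parsestr(raw, headersonly=True)

def missing_headers(msg):
    """Return the listed security headers that the response does not send."""
    return [h for h in SECURITY_HEADERS if msg.get(h) is None]

def cookie_report(msg):
    """Map each cookie name to the state of the four listed attributes."""
    report = {}
    for line in msg.get_all("Set-Cookie", []):
        first, *attrs = [p.strip() for p in line.split(";")]
        name = first.split("=", 1)[0]
        # Attribute names are case-insensitive; flags have no "=value" part.
        seen = {k.strip().lower(): v.strip()
                for k, _, v in (a.partition("=") for a in attrs)}
        report[name] = {
            "Expires": "expires" in seen,
            "HttpOnly": "httponly" in seen,
            "Secure": "secure" in seen,
            "Path=/": seen.get("path") == "/",
        }
    return report

if __name__ == "__main__":
    msg = parse_headers(SAMPLE)
    print("missing:", missing_headers(msg))
    print("cookies:", cookie_report(msg))
```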