A Python tool to check for missing HTTP security headers on websites. It can check for the presence of security headers like Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Installation
To install the package, run:
pip install vulheader
Usage
You can use vulheader both as a Python package and as a command-line tool.
As a Python Package
You can use the check() function to check for specific headers or all headers.
To check if a specific header is present or missing, use the following code:
import vulheader
url = "https://example.com"
result = vulheader.check(url, "Strict-Transport-Security")
if result == "missing":
    print("Strict-Transport-Security: Missing")
else:
    print("Strict-Transport-Security: Present")
You can replace "Strict-Transport-Security" with any of the following headers to check for their presence:
Strict-Transport-Security
Content-Security-Policy
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
You can also check for all security headers at once:
import vulheader
url = "https://example.com"
header_status = vulheader.check(url)
for header, status in header_status.items():
    print(f"{header}: {'Present' if status == 'present' else 'Missing'}")
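A header that is present can still carry a value that gives little protection (for example an HSTS max-age of 0). The following is an added example, not part of vulheader: it grades the values of the same six headers from a response-header mapping. The function names, the 180-day HSTS threshold and the sample headers are assumptions of the example.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold is an assumption of this example

def _hsts(v):
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    if not m:
        return "no max-age directive"
    return "max-age too short" if int(m.group(1)) < MIN_HSTS_AGE else None

def _csp(v):  # coarse keyword check over the whole policy, not per directive
    v = v.lower()
    if "'unsafe-eval'" in v:
        return "allows 'unsafe-eval'"
    if "'unsafe-inline'" in v and "'nonce-" not in v and "'sha" not in v:
        return "allows 'unsafe-inline' without nonce or hash"
    return None

def _referrer(v):  # a comma-separated list is a fallback chain; check the last entry
    last = v.split(",")[-1].strip().lower()
    leaky = last in ("unsafe-url", "no-referrer-when-downgrade")
    return f"{last} sends full URLs cross-origin" if leaky else None

CHECKS = {  # each check returns None for an acceptable value, else a reason string
    "Strict-Transport-Security": _hsts,
    "Content-Security-Policy": _csp,
    "X-Frame-Options": lambda v: None if v.strip().upper() in ("DENY", "SAMEORIGIN")
    else "not DENY or SAMEORIGIN",  # ALLOW-FROM is obsolete, ignored by current browsers
    "X-Content-Type-Options": lambda v: None if v.strip().lower() == "nosniff" else "not nosniff",
    "Referrer-Policy": _referrer,
    "Permissions-Policy": lambda v: None,  # presence only; the right value is app-specific
}

def audit(headers):
    """Map each of the six headers to 'missing', 'ok' or 'weak: <reason>'."""
    seen = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    report = {}
    for name, check in CHECKS.items():
        value = seen.get(name.lower())
        problem = None if value is None else check(value)
        report[name] = "missing" if value is None else f"weak: {problem}" if problem else "ok"
    return report

SAMPLE_HEADERS = {  # constructed sample, not captured from a real site
    "Strict-Transport-Security": "max-age=0",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "x-content-type-options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}
```

Calling audit(SAMPLE_HEADERS) returns a dictionary keyed by header name; any mapping of response headers can be passed in its place.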
As a Command-Line Tool
Once installed, you can use vulheader directly from the command line to check the headers of a website.
To check for all security headers:
vulheader --url https://example.com
To check for a specific header, use the -H option followed by the header name:
vulheader --url https://example.com -H "Strict-Transport-Security"
Replace "Strict-Transport-Security" with any of the following headers:
Strict-Transport-Security
Content-Security-Policy
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
Example Output
Strict-Transport-Security: Missing
Content-Security-Policy: Present
X-Frame-Options: Missing
X-Content-Type-Options: Missing
Referrer-Policy: Missing
Permissions-Policy: Missing
License
This project is licensed under the MIT License - see the LICENSE file for details.