HTTP Security Headers Checker: a tool written for PHP CLI, plus useful tips for setting HTTP security headers on most web servers (Apache, nginx, IIS, ...)
The following is a list of security-related HTTP response headers, as declared by OWASP:
- HTTP Strict Transport Security (HSTS)
- Public Key Pinning Extension for HTTP (HPKP)
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Content-Security-Policy
- X-Permitted-Cross-Domain-Policies
- Referrer-Policy
- Expect-CT
To use this tool you need to install PHP CLI (PHP >= 5 is OK).
- Linux: PHP CLI is pre-installed on Linux.
- Windows:
Go to: http://windows.php.net/download
Download the appropriate PHP release.
Follow this tutorial: http://www.php-cli.com/php-cli-tutorial.shtml
- Linux: Fire up a terminal and enter the command below:
php HttpSecurityHeadersChecker.php
- Windows:
Open CMD (press the Win + R keys on your keyboard, then type cmd or cmd.exe and press Enter).
- Enter the command below:
php.exe HttpSecurityHeadersChecker.php
- Enter the exact URL of the website:
[*] Enter URL (http/https)://[www.]google.com : https://github.com
- Enter "Y" to follow website redirections or "N" to disable following them.
[*] Do you want to follow redirection ? (Y/N) : Y
- If you want to keep your anonymity, use a proxy. To set a Socks5/Tor/HTTP proxy, enter 1, 2 or 3.
[*] Do you want to use proxy ? ([0] => No proxy , [1] => Socks5 , [2] => Tor , [3] =>Http) : 2
- Enable Tor on your PC before using Tor as a Socks5 proxy.
- Use the exact target URL:
www.google.com is not the same as google.com.
Or
https is not the same as http, and gives different results.
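The kind of check described on this page, together with the exact-URL tip above, as an added example (not the project's own code): it parses raw response header blocks and reports which of the headers listed on this page are present. The two responses and the example.test host are constructed samples, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not HttpSecurityHeadersChecker.php itself.
// Response header names for the list on this page (HPKP is sent as Public-Key-Pins).
const SECURITY_HEADERS = [
    'Strict-Transport-Security', 'Public-Key-Pins', 'X-Frame-Options',
    'X-XSS-Protection', 'X-Content-Type-Options', 'Content-Security-Policy',
    'X-Permitted-Cross-Domain-Policies', 'Referrer-Policy', 'Expect-CT',
];

// Parse one raw response header block into [lowercased name => [values...]].
// Header names are case-insensitive, so they are normalised before lookup.
function parse_headers(string $raw): array
{
    $headers = [];
    $lines = preg_split('/\r\n|\n/', trim($raw));
    array_shift($lines);                       // drop the status line
    foreach ($lines as $line) {
        if ($line === '') break;               // blank line ends the header block
        if (strpos($line, ':') === false) continue;
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))][] = trim($value);
    }
    return $headers;
}

// Return [header name => value string, or null when the header is missing].
function audit(string $raw): array
{
    $seen = parse_headers($raw);
    $report = [];
    foreach (SECURITY_HEADERS as $name) {
        $key = strtolower($name);
        $report[$name] = isset($seen[$key]) ? implode(', ', $seen[$key]) : null;
    }
    return $report;
}

// Constructed samples: the http:// URL only redirects, the https:// URL sets headers.
$samples = [
    'http://example.test'  => "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n",
    'https://example.test' => "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=31536000\r\n"
        . "X-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\n"
        . "Content-Security-Policy: default-src 'self'\r\nReferrer-Policy: no-referrer\r\n\r\n",
];

foreach ($samples as $url => $raw) {
    echo "== $url ==\n";
    foreach (audit($raw) as $name => $value) {
        printf("  [%-7s] %-34s %s\n", $value === null ? 'MISSING' : 'OK', $name, $value ?? '');
    }
}
```

With redirection disabled, the http:// sample reports every header as missing, while the https:// sample for the same host reports five of them as set.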
- Hamed - Initial work - Hamed
This project is licensed under the Apache License 2.0 - see the LICENSE.md file for details.