Security Header Grader ์ ์์: Abinesh Kamal K U
Analyze HTTP security headers on any page - grade, explain misconfigurations, detect tech stack leaks, and get exact fixes. Built for pentesters and developers.
์ฌ์ฉ์ 1๋ช
์ฌ์ฉ์ 1๋ช
ํ์ฅ ๋ฉํ ๋ฐ์ดํฐ
์ ๋ณด
Security Header Grader analyses the HTTP response headers of any website you visit and gives you an instant security grade (AโF), per-header scores, and actionable fix recommendations โ all inside a clean popup.
What it checks (28 headers):
- Transport: Strict-Transport-Security (HSTS)
- Injection / XSS: Content-Security-Policy, X-XSS-Protection
- Clickjacking: X-Frame-Options
- MIME: X-Content-Type-Options, Content-Type
- Privacy: Referrer-Policy, Permissions-Policy, X-DNS-Prefetch-Control
- Cross-Origin Isolation: COOP, COEP, CORP
- CORS: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Cookies: Set-Cookie flags (Secure, HttpOnly, SameSite)
- Caching: Cache-Control
- Info leaks: Server, X-Powered-By, X-AspNet-Version, X-Runtime, Via, X-Varnish, and more
Tech Stack Detection:
Identifies 34 server, framework, and CMS signatures (Apache, Nginx, IIS, PHP, WordPress, Drupal, Express, Rails, and more) with risk ratings and direct links to CVE advisories.
Key features:
- Overall grade AโF with animated score ring
- Filter headers by category, missing, or issues
- Per-header score bar with detailed analysis and one-click fix copy
- Tech Stack tab showing info-leak findings with risk levels
- OWASP and MDN documentation links per header
- 100% local โ no data ever leaves your browser, zero telemetry
Built for penetration testers, security researchers, and web developers.
What it checks (28 headers):
- Transport: Strict-Transport-Security (HSTS)
- Injection / XSS: Content-Security-Policy, X-XSS-Protection
- Clickjacking: X-Frame-Options
- MIME: X-Content-Type-Options, Content-Type
- Privacy: Referrer-Policy, Permissions-Policy, X-DNS-Prefetch-Control
- Cross-Origin Isolation: COOP, COEP, CORP
- CORS: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Cookies: Set-Cookie flags (Secure, HttpOnly, SameSite)
- Caching: Cache-Control
- Info leaks: Server, X-Powered-By, X-AspNet-Version, X-Runtime, Via, X-Varnish, and more
Tech Stack Detection:
Identifies 34 server, framework, and CMS signatures (Apache, Nginx, IIS, PHP, WordPress, Drupal, Express, Rails, and more) with risk ratings and direct links to CVE advisories.
Key features:
- Overall grade AโF with animated score ring
- Filter headers by category, missing, or issues
- Per-header score bar with detailed analysis and one-click fix copy
- Tech Stack tab showing info-leak findings with risk levels
- OWASP and MDN documentation links per header
- 100% local โ no data ever leaves your browser, zero telemetry
Built for penetration testers, security researchers, and web developers.
๋ฆฌ๋ทฐ์ด 0๋ช
์ด 0์ ์ผ๋ก ํ๊ฐํจ
๊ถํ ๋ฐ ๋ฐ์ดํฐ
ํ์ ๊ถํ:
- ๋ธ๋ผ์ฐ์ ํญ์ ์ ๊ทผ
- ๋ชจ๋ ์น์ฌ์ดํธ์์ ์ฌ์ฉ์์ ๋ฐ์ดํฐ์ ์ ๊ทผ
๋ฐ์ดํฐ ์์ง:
- ๊ฐ๋ฐ์๋ ์ด ํ์ฅ ๊ธฐ๋ฅ์ด ๋ฐ์ดํฐ ์์ง์ ์๊ตฌํ์ง ์๋๋ค๊ณ ๋ฐํ๊ณ ์์ต๋๋ค.
์ถ๊ฐ ์ ๋ณด
- ๋ถ๊ฐ ๊ธฐ๋ฅ ๋งํฌ
- ๋ฒ์
- 1.0.1
- ํฌ๊ธฐ
- 57.67 KB
- ๋ง์ง๋ง ์ ๋ฐ์ดํธ
- ํ ๋ฌ ์ (2026๋ 6์ 9์ผ)
- ๊ด๋ จ ์นดํ ๊ณ ๋ฆฌ
- ๋ผ์ด์ ์ค
- MIT ๋ผ์ด์ ์ค
- ๋ฒ์ ๋ชฉ๋ก
- ๋ชจ์์ง์ ์ถ๊ฐ