Security Header Grader 作者: Abinesh Kamal K U
Analyze HTTP security headers on any page - grade, explain misconfigurations, detect tech stack leaks, and get exact fixes. Built for pentesters and developers.
擴充套件後設資料
關於此擴充套件
Security Header Grader analyses the HTTP response headers of any website you visit and gives you an instant security grade (A–F), per-header scores, and actionable fix recommendations — all inside a clean popup.
What it checks (28 headers):
- Transport: Strict-Transport-Security (HSTS)
- Injection / XSS: Content-Security-Policy, X-XSS-Protection
- Clickjacking: X-Frame-Options
- MIME: X-Content-Type-Options, Content-Type
- Privacy: Referrer-Policy, Permissions-Policy, X-DNS-Prefetch-Control
- Cross-Origin Isolation: COOP, COEP, CORP
- CORS: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Cookies: Set-Cookie flags (Secure, HttpOnly, SameSite)
- Caching: Cache-Control
- Info leaks: Server, X-Powered-By, X-AspNet-Version, X-Runtime, Via, X-Varnish, and more
Tech Stack Detection:
Identifies 34 server, framework, and CMS signatures (Apache, Nginx, IIS, PHP, WordPress, Drupal, Express, Rails, and more) with risk ratings and direct links to CVE advisories.
Key features:
- Overall grade A–F with animated score ring
- Filter headers by category, missing, or issues
- Per-header score bar with detailed analysis and one-click fix copy
- Tech Stack tab showing info-leak findings with risk levels
- OWASP and MDN documentation links per header
- 100% local — no data ever leaves your browser, zero telemetry
Built for penetration testers, security researchers, and web developers.
What it checks (28 headers):
- Transport: Strict-Transport-Security (HSTS)
- Injection / XSS: Content-Security-Policy, X-XSS-Protection
- Clickjacking: X-Frame-Options
- MIME: X-Content-Type-Options, Content-Type
- Privacy: Referrer-Policy, Permissions-Policy, X-DNS-Prefetch-Control
- Cross-Origin Isolation: COOP, COEP, CORP
- CORS: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Cookies: Set-Cookie flags (Secure, HttpOnly, SameSite)
- Caching: Cache-Control
- Info leaks: Server, X-Powered-By, X-AspNet-Version, X-Runtime, Via, X-Varnish, and more
Tech Stack Detection:
Identifies 34 server, framework, and CMS signatures (Apache, Nginx, IIS, PHP, WordPress, Drupal, Express, Rails, and more) with risk ratings and direct links to CVE advisories.
Key features:
- Overall grade A–F with animated score ring
- Filter headers by category, missing, or issues
- Per-header score bar with detailed analysis and one-click fix copy
- Tech Stack tab showing info-leak findings with risk levels
- OWASP and MDN documentation links per header
- 100% local — no data ever leaves your browser, zero telemetry
Built for penetration testers, security researchers, and web developers.
由 1 位評論者給出 0 分
權限與資料
更多資訊
- 附加元件網址
- 版本
- 1.0.1
- 大小
- 57.67 KB
- 最近更新
- 1 天前 (2026年6月9日)
- 授權條款
- MIT License
- 版本紀錄
- 新增至收藏集