CheckMyHeaders: Your Go-To Tool for HTTP Security Header Checks
In the realm of web security, vigilance is key. As cyber threats evolve, so must our defenses. That’s why I'm excited to introduce CheckMyHeaders (CMH), a Python-based command-line tool that provides a quick and easy way to analyze your website's HTTP security headers. It’s a practical solution for developers, security researchers, and IT professionals who want to ensure their web applications are armored against common vulnerabilities via secure response headers.
Why HTTP Security Headers Matter
HTTP security headers are a fundamental part of website security. They protect against a variety of attacks such as cross-site scripting (XSS), clickjacking, and other code injection attacks. Implementing the right set of headers can fortify your website's defense, but keeping track of which headers are present (and which are missing) can be challenging. That's where CheckMyHeaders steps in - nice and easy!
How CheckMyHeaders Works
CheckMyHeaders is simple to use. It runs from the command line and checks for the presence of essential security headers like Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, and several others. With a neat, interactive CLI, CheckMyHeaders prompts you to enter the URL of the site you wish to check, then performs a thorough analysis, neatly listing any headers your site is missing.
Key Features
Ease of Use: With a straightforward command-line interface, CheckMyHeaders is accessible to users of all skill levels.
Customizability: You can follow redirects, add cookies, or include an authorization bearer token for authenticated pages.
Progress Indication: Thanks to the integration of the tqdm library, you get a sleek progress bar while the tool runs its checks.
Export Functionality: After the analysis, you can choose to export the results into a CSV file for further review or documentation purposes.
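The presence check from "How CheckMyHeaders Works" and the CSV export listed above can be sketched as follows. This is an added example, not CheckMyHeaders' own code: the three headers beyond those named in the article, the function names, and the sample response are assumptions constructed for illustration.

```python
import csv
import io

# The three headers the article names, plus three common ones added here
# as an assumption; the tool's own list may differ.
EXPECTED = ["Content-Security-Policy", "X-Frame-Options",
            "Strict-Transport-Security", "X-Content-Type-Options",
            "Referrer-Policy", "Permissions-Policy"]

# Constructed sample response head (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
    "X-FRAME-OPTIONS: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw, expected=EXPECTED):
    """Return (header, status, value) rows; names match case-insensitively."""
    present = parse_headers(raw)
    return [(name,
             "present" if name.lower() in present else "missing",
             present.get(name.lower(), ""))
            for name in expected]

def to_csv(rows):
    """Render audit rows as CSV text, ready to be written to a file."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["header", "status", "value"])
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(audit(SAMPLE_RESPONSE)))
```

HTTP header names are case-insensitive, which is why the lookup lowercases both sides. A "present" result only confirms the header was sent; the value still needs review.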
Get Started
To get started with CheckMyHeaders, you'll need Python installed on your system, along with the requests and tqdm libraries. You can install these dependencies easily via pip:
pip install requests tqdm
Once installed, running CheckMyHeaders is as simple as invoking the script from your terminal:
python check_security_headers.py <https://URL>
As the creator of CheckMyHeaders, I wanted to provide the community with a very easy to use tool that I felt was missing from my own toolkit. It’s open-source and available on GitHub, and I encourage fellow developers to contribute and help make it even better.
Check it out here!
https://github.com/smhuda/checkmyheaders