Scan HTTP security headers

Project description

secheaders

Python script to check HTTP security headers

Same functionality as securityheaders.io, but as a Python script. It also checks some server/version headers. Written and tested using Python 3.8.

With minor modifications, it could be used as a library for other projects.

NOTE: The project was renamed (2024-10-19) from securityheaders to secheaders to avoid confusion with a PyPI package with a similar name.

Installation

The following assumes you have Python installed and that the command python refers to Python version >= 3.8.

Install

$ pip install secheaders

Building and running locally

  1. Clone the repository
  2. python -m build
  3. pip install dist/secheaders-0.1.1-py3-none-any.whl
  4. Run secheaders --help

Running from source without installation

  1. Clone the repository
  2. Run python -m secheaders

Usage

$ secheaders --help
usage: secheaders [-h] [--max-redirects N] [--insecure] [--json] [--no-color]
                  [--verbose]
                  URL

Scan HTTP security headers

positional arguments:
  URL                Target URL

options:
  -h, --help         show this help message and exit
  --max-redirects N  Max redirects, set 0 to disable (default: 2)
  --insecure         Do not verify TLS certificate chain (default: False)
  --json             JSON output instead of text (default: False)
  --no-color         Do not output colors in terminal (default: False)
  --verbose, -v      Verbose output (default: False)

Example output

$ secheaders example.com
Header 'x-frame-options' is missing                                   [ WARN ]
Header 'strict-transport-security' is missing                         [ WARN ]
Header 'content-security-policy' is missing                           [ WARN ]
Header 'x-content-type-options' is missing                            [ WARN ]
Header 'x-xss-protection' is missing                                   [ OK ]
Header 'referrer-policy' is missing                                   [ WARN ]
Header 'permissions-policy' is missing                                [ WARN ]
server: ECAcc (nyd/D147)                                              [ WARN ]
HTTPS supported                                                        [ OK ]
HTTPS valid certificate                                                [ OK ]
HTTP -> HTTPS automatic redirect                                      [ WARN ]
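
How the header verdicts in the sample output can be derived from a response's headers, as an added example using only the standard library (not secheaders' own code). The value rules, the `DISCLOSURE` list and all names are assumptions, and the sample header sets are constructed.

```python
import re

# Status when a header is absent, matching the sample output above.
# x-xss-protection is deprecated, so its absence is the good case.
MISSING_STATUS = {
    "x-frame-options": "WARN", "strict-transport-security": "WARN",
    "content-security-policy": "WARN", "x-content-type-options": "WARN",
    "x-xss-protection": "OK", "referrer-policy": "WARN",
    "permissions-policy": "WARN",
}
HSTS_RE = re.compile(r'max-age\s*=\s*"?0*[1-9]', re.I)

# Assumed value rules for headers that are present (not taken from secheaders).
VALUE_OK = {
    "x-frame-options": lambda v: v.lower() in ("deny", "sameorigin"),
    # max-age=0 drops the HSTS policy, so require a non-zero value.
    "strict-transport-security": lambda v: bool(HSTS_RE.search(v)),
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-xss-protection": lambda v: v.startswith("0"),
}
DISCLOSURE = ("server", "x-powered-by")  # assumed list of software banners

def evaluate(headers):
    """Return [(message, status)] for a mapping of response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    results = []
    for name, missing in MISSING_STATUS.items():
        if name not in h:
            results.append((f"Header '{name}' is missing", missing))
        else:
            ok = VALUE_OK.get(name, lambda v: True)(h[name])
            results.append((f"{name}: {h[name]}", "OK" if ok else "WARN"))
    for name in DISCLOSURE:
        if name in h:  # a digit suggests a version or build identifier
            status = "WARN" if re.search(r"\d", h[name]) else "OK"
            results.append((f"{name}: {h[name]}", status))
    return results

# Constructed inputs; the Server value is the one in the sample output.
SAMPLE_BARE = {"Content-Type": "text/html", "Server": "ECAcc (nyd/D147)"}
SAMPLE_HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff", "Referrer-Policy": "no-referrer",
    "Permissions-Policy": "geolocation=()", "Server": "nginx",
}

if __name__ == "__main__":
    for message, status in evaluate(SAMPLE_BARE):
        print(f"{message:<70}[ {status} ]")
```

Run against `SAMPLE_BARE`, this yields the same eight header verdicts as the sample output; the HTTPS and redirect checks need a live connection and are not covered here.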

Design principles

The following design principles have been considered:

  • Simplicity of the codebase.
    • The code should be easy to understand and follow without in-depth Python knowledge.
  • Avoidance of external dependencies.
    • The Python Standard Library provides enough tools and libraries for many use cases.
  • Unix philosophy in general
    • "Do one thing and do it well"

These are not rules set in stone, but they should be revisited when making big design choices.

Download files

Source Distribution

secheaders-0.1.1.tar.gz (10.0 kB)

Uploaded Source

Built Distribution

secheaders-0.1.1-py3-none-any.whl (10.1 kB)

Uploaded Python 3

File details

Details for the file secheaders-0.1.1.tar.gz.

File metadata

  • Download URL: secheaders-0.1.1.tar.gz
  • Upload date:
  • Size: 10.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for secheaders-0.1.1.tar.gz
Algorithm Hash digest
SHA256 88854bda71cfa6dd494d28a490c32efe6bc3648e3a8e5675527f250a5b20beff
MD5 8aa40fe28736bdc932a346ad374738fa
BLAKE2b-256 a2f6f8808e4570d652c62ff2effcd0c778f378faf9d4fe356ad6549382e6c5be

File details

Details for the file secheaders-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: secheaders-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 10.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for secheaders-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5dcc844f97743317e6f64ccf8768caf33030d2f513fdea3ea347dfd985192f88
MD5 44f646dffe604b0e6724740abaac656c
BLAKE2b-256 1378b7d4ec4a0bb7f59d4321d8fb4116ba58ceaddb13daa438b629a41c69ed6f
