HTTP security headers provide an extra layer of security by helping to mitigate attacks and security vulnerabilities.
Over the last few years, a number of new HTTP headers have been introduced to help enhance the security of a website.
Common HTTP Security Headers –
1. Content-Security-Policy
2. X-XSS-Protection
3. Strict-Transport-Security
4. X-Frame-Options
5. Public-Key-Pins
6. X-Content-Type-Options
Installation of Shcheck –
You can install shcheck, a Python-based script, directly from GitHub.
Command: git clone https://github.com/m3liot/shcheck.git
Make the shcheck.py script executable with "chmod +x shcheck.py".
To run the script, type "./shcheck.py <Your target>".
You can also analyze or scan all headers online from HTTP HEADER CHECK.
Here is the list of other sites/tools through which you can also scan the security headers of any website.
- Chrome Dev Tools
- Securityheaders.io (our fav website)
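
The kind of check these tools perform, as an added example (not shcheck's own code and not from the original page): it grades each of the six headers listed above as ok, weak or missing. The value rules (HSTS max-age greater than 0, X-Frame-Options of DENY or SAMEORIGIN, X-Content-Type-Options of nosniff), the function names and the sample response are assumptions made for this example.

```python
import re
import sys
from urllib.request import urlopen

# The six headers listed on this page, by their full names.
EXPECTED = ["Content-Security-Policy", "X-XSS-Protection",
            "Strict-Transport-Security", "X-Frame-Options",
            "Public-Key-Pins", "X-Content-Type-Options"]

def check_value(name, value):
    """Grade a header that is present: 'ok' or 'weak' (rules are assumptions)."""
    v = value.strip().lower()
    if name == "Strict-Transport-Security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        # max-age=0 tells the browser to forget the HSTS policy
        return "ok" if m and int(m.group(1)) > 0 else "weak"
    if name == "X-Frame-Options":
        return "ok" if v in ("deny", "sameorigin") else "weak"
    if name == "X-Content-Type-Options":
        return "ok" if v == "nosniff" else "weak"
    return "ok"  # other headers: presence only, value not evaluated

def audit_headers(headers):
    """Map each expected header to 'ok', 'weak' or 'missing'."""
    got = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    return {n: check_value(n, got[n.lower()]) if n.lower() in got else "missing"
            for n in EXPECTED}

def fetch_headers(url):
    """Fetch the response headers for url (needs network access)."""
    with urlopen(url, timeout=10) as resp:
        return dict(resp.headers.items())

# Constructed sample response headers, so the example runs offline.
SAMPLE = {
    "content-security-policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=0",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Server": "nginx",
}

if __name__ == "__main__":
    hdrs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, status in audit_headers(hdrs).items():
        print(f"{status:8} {name}")
```

Run it with no argument to grade the constructed sample, or pass a URL to grade a live response.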