HTTP Security Header Checker

About

HTTP Security Header Checker is a one-click security analysis tool that inspects HTTP response headers on any website and gives you an actionable security report.

🔍 WHAT IT DOES
• Scans 18 security headers in a single click
• Grades your site from A+ to F based on weighted severity scoring
• Detects missing, misconfigured, and information-leaking headers
• Provides exact fix suggestions with recommended header values

📋 HEADERS CHECKED
High Severity: Content-Security-Policy (CSP), HSTS, X-Content-Type-Options, X-Frame-Options, Set-Cookie attributes
Medium Severity: Referrer-Policy, Permissions-Policy, X-XSS-Protection, COOP, CORP, Cache-Control
Low Severity: COEP, CSP-Report-Only, X-Permitted-Cross-Domain-Policies, Pragma
Info Leak Detection: Server version exposure, X-Powered-By disclosure

✨ KEY FEATURES
• Instant A+ to F security grade
• Color-coded header status (green=good, red=problem)
• Detailed issue explanations for each missing/misconfigured header
• Copy full report as Markdown for documentation
• Save reports as Word (.doc) or HTML files
• Scan history — browse your last 50 results
• Works offline — all analysis runs locally in your browser

🎯 WHO IT'S FOR
Web developers securing their sites • Security engineers doing quick audits • DevOps checking deployment configs • Anyone who wants a fast security health check

🔒 PRIVACY
No data is collected. No data is sent to external servers. All analysis happens entirely in your browser using local storage only.

HOW TO USE
1. Install the extension
2. Visit any website
3. Click the extension icon in your toolbar
4. Click "Scan" — results appear instantly
5. Click any header row for details and fix suggestions