HTTP response header analyzer with a dark GUI. Fetches headers from any URL via a local Python server, flags exposed fingerprints, checks for missing security headers, analyzes cookie flags and CORS policy, and computes a security score.
```bash
pip install flask flask-cors requests
python header_server.py
```

Then open `header_analyzer.html` in your browser.
Enter a URL in the search bar and click Analyze. The server fetches the headers and returns a full analysis.
| Page | Description |
|---|---|
| Header Analyzer | Main view: URL input, header list, score, missing headers |
| History | All analyses from the current session, reloadable on click |
| Security Audit | Checklist of best practices, auto-checked if an analysis was run |
| Settings | Server port, timeout, User-Agent |
| About | Risk legend, version info, setup instructions |
| Column | Description |
|---|---|
| 🔴 Red | Critical issue: missing security header or exposed fingerprint |
| 🟡 Yellow | Warning: misconfigured header, weak cookie flags, CORS issue |
| 🟢 Green | Normal: standard header, no concern |
The security score ranges from 0 to 100, based on the security headers present minus penalties for exposed fingerprints.
- Exposed fingerprints: `Server`, `X-Powered-By`, `X-Generator`, `X-AspNet-Version`, etc.
- Missing security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- Cookie issues: missing HttpOnly, Secure, SameSite flags
- CORS: wildcard `Access-Control-Allow-Origin`
- CDN info: Cloudflare, Fastly, AWS CloudFront via CF-Ray and IP ranges
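
The checks listed above can be sketched in a few lines of Python. This is an added example, not code from `header_server.py`: the function names, the scoring weights (an equal share per security header, 5 points off per fingerprint) and the sample response are assumptions, and the CDN check is left out.

```python
# Added example: not the project's code. Scoring weights are assumed.
FINGERPRINT = {"server", "x-powered-by", "x-generator", "x-aspnet-version"}
SECURITY = {
    "strict-transport-security", "content-security-policy", "x-frame-options",
    "x-content-type-options", "referrer-policy", "permissions-policy",
}

def cookie_issues(set_cookie):
    """Return the flags missing from one Set-Cookie header value."""
    attrs = [p.strip().lower() for p in set_cookie.split(";")[1:]]
    names = {a.split("=", 1)[0].strip() for a in attrs}
    return [f for f in ("HttpOnly", "Secure", "SameSite") if f.lower() not in names]

def analyze(headers, set_cookies=()):
    """headers: dict of response headers; set_cookies: list of Set-Cookie values."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    exposed = sorted(FINGERPRINT & set(h))
    missing = sorted(SECURITY - set(h))
    findings = [("red", f"exposed fingerprint: {n}") for n in exposed]
    findings += [("red", f"missing security header: {n}") for n in missing]
    for cookie in set_cookies:
        name = cookie.split("=", 1)[0].strip()
        for flag in cookie_issues(cookie):
            findings.append(("yellow", f"cookie {name} missing {flag}"))
    if h.get("access-control-allow-origin", "").strip() == "*":
        findings.append(("yellow", "CORS: wildcard Access-Control-Allow-Origin"))
    # Assumed scoring: share of security headers present, minus fingerprint penalties.
    present = len(SECURITY) - len(missing)
    score = max(0, round(100 * present / len(SECURITY)) - 5 * len(exposed))
    return {"score": score, "findings": findings}

# Constructed sample response, not captured from a real site.
SAMPLE = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Access-Control-Allow-Origin": "*",
}
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly"]

if __name__ == "__main__":
    report = analyze(SAMPLE, SAMPLE_COOKIES)
    print("score:", report["score"])
    for level, msg in report["findings"]:
        print(f"[{level}] {msg}")
```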