{"id":13845608,"url":"https://github.com/rfc-st/humble","last_synced_at":"2026-02-15T00:06:15.116Z","repository":{"id":39608825,"uuid":"271747750","full_name":"rfc-st/humble","owner":"rfc-st","description":"A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.","archived":false,"fork":false,"pushed_at":"2026-02-06T16:17:46.000Z","size":34254,"stargazers_count":352,"open_issues_count":0,"forks_count":29,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-02-07T00:30:54.209Z","etag":null,"topics":["analysis","checklist","cybersecurity","header-parser","headers","http","infosec","kali-linux","owasp","python3","security","security-audit","security-scanner","security-tools"],"latest_commit_sha":null,"homepage":"https://github.com/rfc-st/humble","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rfc-st.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-06-12T08:25:50.000Z","updated_at":"2026-02-06T16:18:37.000Z","dependencies_parsed_at":"2025-12-13T00:01:58.881Z","dependency_job_id":null,"html_url":"https://github.com/rfc-st/humble","commit_stats":null,"previous_names":[],"tags_count":58,"template":false,"template_full_name":null,"purl":"pkg:github/rfc-st/humble","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rfc-st%2Fhumble","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rfc-st%2Fhumble/tags","releases_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rfc-st%2Fhumble/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rfc-st%2Fhumble/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rfc-st","download_url":"https://codeload.github.com/rfc-st/humble/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rfc-st%2Fhumble/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29461391,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T22:42:09.113Z","status":"ssl_error","status_checked_at":"2026-02-14T22:42:05.053Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","checklist","cybersecurity","header-parser","headers","http","infosec","kali-linux","owasp","python3","security","security-audit","security-scanner","security-tools"],"created_at":"2024-08-04T17:03:30.072Z","updated_at":"2026-02-15T00:06:15.109Z","avatar_url":"https://github.com/rfc-st.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"\u003ch1\u003e\u003cp align=\"center\"\u003ehumble\u003c/p\u003e\u003c/h1\u003e\n\u003ch4\u003e\u003cp align=\"center\"\u003eA humble, and fast, security-oriented HTTP headers analyzer\u003c/p\u003e\u003c/h4\u003e\n\u003cbr /\u003e\n\n\u003cp 
align=center\u003e\n\u003ca target=\"_blank\" href=\"https://devguide.python.org/versions/\" title=\"Minimum Python version required to run this tool\"\u003e\u003cimg src=\"https://img.shields.io/badge/Python-%3E%3D3.11-blue?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"LICENSE\" title=\"License of this tool\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MIT-blue.svg?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://github.com/rfc-st/humble/releases\" title=\"Latest release of this tool\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/rfc-st/humble?display_name=release\u0026label=Latest%20Release\u0026labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://github.com/rfc-st/humble/commits/master\" title=\"Latest commit of this tool\"\u003e\u003cimg src=\"https://img.shields.io/badge/Latest_Commit-2026--02--14-blue.svg?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://pkg.kali.org/pkg/humble\" title=\"Official tool in Kali Linux\"\u003e\u003cimg src=\"https://img.shields.io/badge/Kali%20Linux-Tool-blue?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003cbr /\u003e\n\u003ca target=\"_blank\" href=\"#\" title=\"Featured on:\"\u003e\u003cimg src=\"https://img.shields.io/badge/Featured%20on:-343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://artemis-scanner.readthedocs.io/en/latest/search.html?q=humble\u0026check_keywords=yes\u0026area=default\" title=\"Artemis vulnerability scanner\"\u003e\u003cimg src=\"https://img.shields.io/badge/Artemis-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://blog.csdn.net/gitblog_01072/article/details/141745712\" title=\"Chinese Software Developer Network\"\u003e\u003cimg src=\"https://img.shields.io/badge/CSDN-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://docs.defectdojo.com/supported_tools/parsers/file/humble/\" title=\"Importing and 
parsing 'humble' results in DefectDojo\"\u003e\u003cimg src=\"https://img.shields.io/badge/DefectDojo-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/special-http-headers.html\" title=\"HackTricks\"\u003e\u003cimg src=\"https://img.shields.io/badge/HackTricks-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://headerscan.com/humble/\" title=\"Security Header Scanner\"\u003e\u003cimg src=\"https://img.shields.io/badge/HeaderScan-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://www.linux-magazin.de/ausgaben/2022/11/tooltipps/\" title=\"Linux Magazin\"\u003e\u003cimg src=\"https://img.shields.io/badge/Linux%20Magazin-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://merginit.com/blog/18082025-http-security-header-checker-tools\" title=\"MerginIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/MerginIT-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://owasp.org/www-project-secure-headers/#div-technical\" title=\"OWASP Secure Headers Project\"\u003e\u003cimg src=\"https://img.shields.io/badge/OWASP-blue\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://qiita.com/prograti/items/8eea5d60056f6df0d160#humble\" title=\"Security Tools in Kali Linux\"\u003e\u003cimg src=\"https://img.shields.io/badge/Qiita-blue\"\u003e\u003c/a\u003e\n\u003cbr /\u003e\n\u003ca target=\"_blank\" href=\"https://github.com/rfc-st/humble/actions/workflows/bandit-security-scan.yml\" title=\"Vulnerability analysis with Bandit\"\u003e\u003cimg src=\"https://github.com/rfc-st/humble/actions/workflows/bandit-security-scan.yml/badge.svg\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://github.com/rfc-st/humble/actions/workflows/codeql-analysis.yml?query=workflow%3ACodeQL\" title=\"Vulnerability analysis with CodeQL\"\u003e\u003cimg 
src=\"https://github.com/rfc-st/humble/workflows/CodeQL/badge.svg\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://humble.readthedocs.io/en/latest/\" title=\"Status of documentation in 'Read The Docs'\"\u003e\u003cimg src=\"https://img.shields.io/badge/documentation-passing-32bd50?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://github.com/rfc-st/humble/?tab=readme-ov-file#unit-tests\" title=\"Code coverage with pytest-cov\"\u003e\u003cimg src=\"https://img.shields.io/badge/code%20coverage-96%25-32bd50?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://github.com/rfc-st/humble/actions/workflows/vulture.yml\" title=\"Dead Code analysis with vulture\"\u003e\u003cimg src=\"https://img.shields.io/badge/vulture-passing-32bd50?labelColor=343b41\"\u003e\u003c/a\u003e\n\u003ca target=\"_blank\" href=\"https://www.bestpractices.dev/projects/9543\" title=\"Analysis of OpenSSF best practices\"\u003e\u003cimg src=\"https://www.bestpractices.dev/projects/9543/badge\"\u003e\u003c/a\u003e\n\u003cbr /\u003e\n\u003cbr /\u003e\n\u003cbr /\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_fast.PNG\" alt=\"A quick analysis with 'humble'!\"\u003e\n\u003cbr /\u003e\n\u003cbr /\u003e\n\u003ci\u003e\"千里之行，始於足下 - 老子\"\u003c/i\u003e\n\u003cbr /\u003e\n\u003ci\u003e(\"A journey of a thousand miles begins with a single step. - Lao Tzu\")\u003c/i\u003e\n\u003cbr /\u003e\n\u003cbr /\u003e\n\u003ci\u003e\"And if you don't keep your feet, there's no knowing where you might be swept off to. 
- Bilbo Baggins\"\u003c/i\u003e\n\u003cbr /\u003e\n\u003cbr /\u003e\n\n### Table of contents\n\n[Features](#features)\u003cbr /\u003e\n[Screenshots](#screenshots)\u003cbr /\u003e\n[Installation \u0026 Update (Source code)](#installation--update-source-code)\u003cbr /\u003e\n[Installation \u0026 Maintenance (Docker)](#installation--maintenance-docker)\u003cbr /\u003e\n[Installation \u0026 Update (Kali Linux)](#installation--update-kali-linux)\u003cbr /\u003e\n[Usage](#usage)\u003cbr /\u003e\n[Advanced Usage (Linux)](#advanced-usage-linux)\u003cbr /\u003e\n[Unit tests](#unit-tests)\u003cbr /\u003e\n[Quality, style and security tools](#quality-style-and-security-tools)\u003cbr /\u003e\n[Checks: Missing Headers](#checks-missing-headers)\u003cbr /\u003e\n[Checks: Fingerprint Headers](#checks-fingerprint-headers)\u003cbr /\u003e\n[Checks: Deprecated Headers and Insecure Values](#checks-deprecated-headersprotocols-and-insecure-values)\u003cbr /\u003e\n[Checks: Empty Values](#checks-empty-values)\u003cbr /\u003e\n[Guidelines included](#guidelines-included-to-enable-security-http-headers)\u003cbr /\u003e\n[To-Do](#to-do)\u003cbr /\u003e\n[Further Reading](#further-reading)\u003cbr /\u003e\n[Contribute](#contribute)\u003cbr /\u003e\n[Acknowledgements](#acknowledgements)\u003cbr /\u003e\n[License](#license)\u003cbr /\u003e\n\u003cbr /\u003e\n\n## Features\n\n:heavy_check_mark: Covers 61 [enabled](#checks-enabled-headers) security-related HTTP response headers.\u003cbr /\u003e\n:heavy_check_mark: 15 [checks](#checks-missing-headers) for missing security-related HTTP response headers (the ones I consider essential).\u003cbr /\u003e\n:heavy_check_mark: 1246 [checks](#checks-fingerprint-headers) for fingerprinting through HTTP response headers.\u003cbr /\u003e\n:heavy_check_mark: 157 [checks](#checks-deprecated-headersprotocols-and-insecure-values) for deprecated HTTP response headers/protocols or with insecure/wrong values.\u003cbr /\u003e\n:heavy_check_mark: 28 
[checks](https://github.com/rfc-st/humble/blob/master/additional/insecure.txt#L46-L73) related to Content Security Policy [Level 3](https://www.w3.org/TR/CSP3/).\u003cbr /\u003e\n:heavy_check_mark: Can check for compliance with the OWASP \u003ca href=\"https://owasp.org/www-project-secure-headers/#div-bestpractices\" target=\"_blank\"\u003eSecure Headers Project\u003c/a\u003e Best Practices.\u003cbr /\u003e\n:heavy_check_mark: Can exclude specific HTTP response headers from the analysis.\u003cbr /\u003e\n:heavy_check_mark: Can analyze _raw response files_: text files with HTTP response headers and values. Ex: curl option '\u003ca href=\"https://curl.se/docs/manpage.html#-D\" target=\"_blank\"\u003e--dump-header\u003c/a\u003e'.\u003cbr /\u003e\n:heavy_check_mark: Can export each analysis to CSV, CSS3 \u0026 HTML5, JSON, PDF, TXT, XLSX (Excel 2007 onwards) and XML; and in a filename and path of your choice.\u003cbr /\u003e\n:heavy_check_mark: Can check for outdated SSL/TLS protocols and vulnerabilities: requires the **amazing** \u003ca href=\"https://testssl.sh/\" target=\"_blank\"\u003etestssl.sh\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Can provide brief and detailed analysis along with HTTP response headers.\u003cbr /\u003e\n:heavy_check_mark: Can use proxies for the analysis.\u003cbr /\u003e\n:heavy_check_mark: Allows specifying custom HTTP request headers.\u003cbr /\u003e\n:heavy_check_mark: Can output only analysis summary, totals and grade as JSON; suitable for \u003ca href=\"https://www.redhat.com/en/topics/devops/what-is-ci-cd\" target=\"_blank\"\u003eCI/CD\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Print browser support for enabled HTTP security headers, with data from \u003ca href=\"https://caniuse.com/\" target=\"_blank\"\u003eCan I use\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Highlights \u003ca href=\"https://developer.mozilla.org/en-US/docs/MDN/Writing_guidelines/Experimental_deprecated_obsolete\" 
target=\"_blank\"\u003eexperimental\u003c/a\u003e headers in each analysis.\u003cbr /\u003e\n:heavy_check_mark: Provides hundreds of relevant links to security resources, standards and technical blogs based on each analysis.\u003cbr /\u003e\n:heavy_check_mark: Supports displaying analysis, messages, and most errors in English or Spanish.\u003cbr /\u003e\n:heavy_check_mark: Saves each analysis, highlighting improvements or deficiencies compared to the previous one.\u003cbr /\u003e\n:heavy_check_mark: Can display analysis statistics for a specific URL or across all of them.\u003cbr /\u003e\n:heavy_check_mark: Can display fingerprint statistics for a specific term or the Top 20.\u003cbr /\u003e\n:heavy_check_mark: Can display guidelines for enabling security HTTP response headers on popular frameworks, servers, and services.\u003cbr /\u003e\n:heavy_check_mark: Provides dozens of [unit tests](#unit-tests) to verify compatibility with your environment; requires \u003ca href=\"https://pypi.org/project/pytest/\" target=\"_blank\"\u003epytest\u003c/a\u003e and \u003ca href=\"https://pypi.org/project/pytest-cov/\"\u003epytest-cov\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Classes and functions documented at \u003ca href=\"https://humble.readthedocs.io/en/latest/\" target=\"_blank\"\u003eRead the Docs\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Code regularly audited with several quality, style and security [tools](#quality-style-and-security-tools).\u003cbr /\u003e\n:heavy_check_mark: Tested, one by one, on thousands of URLs.\u003cbr /\u003e\n:heavy_check_mark: Tested on Docker 26.1, Kali Linux 2021.1, macOS 14.2.1 and Windows 10 20H2.\u003cbr /\u003e\n:heavy_check_mark: \u003ca href=\"https://github.com/rfc-st/humble/blob/master/additional/fingerprint.txt\" target=\"_blank\"\u003eAlmost\u003c/a\u003e all the \u003ca href=\"https://github.com/rfc-st/humble/blob/master/additional/owasp_best_practices.txt\" target=\"_blank\"\u003ecode\u003c/a\u003e available 
under one of the most permissive licenses: \u003ca href=\"https://github.com/rfc-st/humble/blob/master/LICENSE\" target=\"_blank\"\u003eMIT\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Regularly \u003ca href=\"https://github.com/rfc-st/humble/commits/master\" target=\"_blank\"\u003eupdated\u003c/a\u003e.\u003cbr /\u003e\n:heavy_check_mark: Minimal \u003ca href=\"https://github.com/rfc-st/humble/blob/master/requirements.txt\" target=\"_blank\"\u003edependencies\u003c/a\u003e required.\u003cbr /\u003e\n:heavy_check_mark: Developed entirely in my spare time, \u003cb\u003eno strings attached\u003c/b\u003e: feel free to try it out and integrate it into your projects!.\u003cbr /\u003e\n:heavy_check_mark: And \u003ca href=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_IA_6.jpg\"\u003ewith\u003c/a\u003e \u003ca href=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_IA.PNG\"\u003ethe\u003c/a\u003e \u003ca href=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_IA_4.JPG\"\u003eapproval\u003c/a\u003e \u003ca href=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_IA_2.JPG\"\u003eof\u003c/a\u003e \u003ca href=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_IA_3.JPG\"\u003eseveral\u003c/a\u003e \u003ca href=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_IA_5.JPG\"\u003eAI\u003c/a\u003e :smile:!.\u003cbr /\u003e\n\n## Screenshots\n\n.: (Windows) - Brief analysis.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_b.PNG\" alt=\"(Windows) - Brief analysis\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Brief analysis along with HTTP response headers.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_br.PNG\" alt=\"(Linux) - Brief analysis along with HTTP 
response headers\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Detailed analysis, in Spanish.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble.PNG\" alt=\"(Linux) - Detailed analysis in Spanish\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Analysis of a raw response file. \u003ca href=\"https://github.com/rfc-st/humble/raw/master/samples/github_input_file.txt\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cbr /\u003e\n\n\u003e [!TIP]\n\u003e \u003ca target=\"_blank\" href=\"https://curl.se/docs/manpage.html#-D\"\u003eGenerating\u003c/a\u003e a raw response file; requires curl \u003ca target=\"_blank\" href=\"https://curl.se/ch/8.16.0.html\"\u003e8.16\u003c/a\u003e or higher:\n\u003e ```bash\n\u003e curl --dump-header github_input_file.txt https://github.com --out-null -s\n\u003e ```\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_input.PNG\" alt=\"(Linux) - Analysis of a raw response file\"\u003e\n\u003c/p\u003e\n\n\u003cbr /\u003e\n.: (Linux) - SSL/TLS checks.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\n\u003e [!TIP]\n\u003e \u003ca target=\"_blank\" href=\"https://testssl.sh/doc/testssl.1.html\"\u003etestssl.sh\u003c/a\u003e options used:\n\u003e\n\u003e - `-f`: checks robust forward secrecy key exchange\n\u003e - `-g`: checks several server implementation bugs\n\u003e - `-p`: checks the availability of SSL/TLS protocols\n\u003e - `-U`: tests all vulnerabilities, like Heartbleed, ROBOT and sweet32\n\u003e - `-s`: tests lists of cipher suites/categories by strength\n\u003e - `-hints`: (available in the future) give hints how to fix a finding\n\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_encryption_s.PNG\" alt=\"(Linux) - SSL/TLS checks 
(requires https://testssl.sh/ and Linux/Unix client)\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Custom HTTP request header.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_request_header.PNG\" alt=\"(Linux) - Custom HTTP request header\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Compliance with OWASP \u003ca href=\"https://owasp.org/www-project-secure-headers/#div-bestpractices\" target=\"_blank\"\u003e'Secure Headers Project'\u003c/a\u003e best practices.\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_compliance_owasp.PNG\" alt=\"(Linux) - Compliance with OWASP 'Secure Headers Project' best practices\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Windows) - JSON summary of the analysis, suitable for \u003ca href=\"https://www.redhat.com/en/topics/devops/what-is-ci-cd\" target=\"_blank\"\u003eCI/CD\u003c/a\u003e.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_cicd.PNG\" alt=\"(Windows) - JSON summary for CI/CD\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - List of HTTP fingerprint headers based on a specific term.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_fng.jpg\" alt=\"(Linux) - List of HTTP fingerprint headers based on a specific term\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Windows) - Guidelines for enabling security HTTP response headers.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_guidelines.JPG\" alt=\"(Windows) - Guidelines for enabling security HTTP response 
headers\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Brief analysis saved as CSV. \u003ca href=\"https://github.com/rfc-st/humble/raw/master/samples/humble_https_facebook.com_20250426_191942_en.csv\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_csv_s.PNG\" alt=\"(Linux) - Brief analysis saved as CSV\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Windows) - Detailed analysis saved as PDF. \u003ca href=\"https://github.com/rfc-st/humble/raw/master/samples/humble_https_samsung_com_20241122_213022_en.pdf\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_pdf_s.PNG\" alt=\"(Windows) - Detailed analysis saved as PDF\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Detailed analysis saved as HTML. \u003ca href=\"https://htmlpreview.github.io/?https://github.com/rfc-st/humble/blob/master/samples/humble_https_en.wikipedia.org_20250816_205605_en.html\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_html_s.PNG\" alt=\"(Linux) - Detailed analysis saved as HTML\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Detailed analysis saved as JSON. \u003ca href=\"https://github.com/rfc-st/humble/raw/master/samples/humble_https_google.com_20251005_205346_en.json\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_json_s.PNG\" alt=\"(Linux) - Brief analysis saved as JSON\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Detailed analysis saved as XLSX. 
\u003ca href=\"https://github.com/rfc-st/humble/raw/master/samples/humble_https_google.com_20250823_184837_en.xlsx\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_xlsx_s.PNG\" alt=\"(Linux) - Brief analysis saved as XLSX\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Brief analysis saved as XML. \u003ca href=\"https://github.com/rfc-st/humble/raw/master/samples/humble_https_en.wikipedia.org_20250711_175924_en.xml\"\u003eExample.\u003c/a\u003e\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_xml_s.PNG\" alt=\"(Linux) - Brief analysis saved as XML\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Analysis history file: Date, URL, Enabled, Missing, Fingerprint, Deprecated/Insecure, Empty headers \u0026 Total warnings (the four previous totals).\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_ah.PNG\" alt=\"(Linux) - Analysis history file: Date, URL, Missing, Fingerprint, Deprecated/Insecure, Empty headers \u0026 Total warnings (the four previous totals)\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Statistics of the analysis performed against a specific URL.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_analytics.jpg\" alt=\"(Linux) - Statistics of the analysis performed against a specific URL\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Linux) - Statistics of the analysis performed against all URLs, in Spanish.\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg 
src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_global_analytics.jpg\" alt=\"(Linux) - Statistics of the analysis performed against all URLs in Spanish\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n.: (Windows) - Checking for updates\u003cbr /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_update.PNG\" alt=\"(Windows) - Checking for updates\"\u003e\n\u003c/p\u003e\n\u003cbr /\u003e\n\n\n## Installation \u0026 update (Source code)\n\n\u003e [!NOTE]\n\u003e Python 3.11 or higher is required.\n\n```bash\n# Install python3 and python3-pip:\n# (Windows) https://www.python.org/downloads/windows/\n# (Linux) if not available, install them: e.g. Synaptic, apt, dnf, yum ...\n# (macOS) https://www.python.org/downloads/macos/\n\n# Install Git:\n# (Windows) https://git-scm.com/download/win\n# (Linux) https://git-scm.com/download/linux\n# (macOS) https://git-scm.com/download/mac\n\n# Set up a virtual environment (pending how to do it in Windows), download 'humble' and its dependencies\n# '/home/bluesman/humble_venv' is an example path for the virtual environment\n$ python3 -m venv /home/bluesman/humble_venv\n$ source /home/bluesman/humble_venv/bin/activate\n$ cd /home/bluesman/humble_venv/\n$ git clone https://github.com/rfc-st/humble.git\n$ cd humble\n$ pip3 install -r requirements.txt\n\n# Analyze! :). 
Linux and Windows examples\n$ python3 humble.py -u https://google.com\n$ py humble.py -u https://google.com\n\n# Good practice: deactivate the virtual environment after you have finished using 'humble'\n$ deactivate\n\n# Activate the virtual environment to analyze again with 'humble'\n$ cd /home/bluesman/humble_venv/\n$ source /home/bluesman/humble_venv/bin/activate\n$ cd humble\n\n# Updating 'humble' (weekly): activate the virtual environment and run from the 'humble' folder\n$ git pull\n\n# Updating 'humble' (Release): activate the virtual environment, download the latest source code file\n# and decompress it in the 'humble' folder, overwriting files\nhttps://github.com/rfc-st/humble/releases\n```\n\n## Installation \u0026 maintenance (Docker)\n\n\u003e [!NOTE]\n\u003e Python 3.11 will be used to [build](https://github.com/rfc-st/humble/blob/master/Dockerfile) the image.\n\n```bash\n# Install Docker and ensure it is running:\n# E.g. (Linux): https://www.kali.org/docs/containers/installing-docker-on-kali/\n# E.g. (macOS): https://docs.docker.com/desktop/install/mac-install/\n# E.g. (Windows): https://docs.docker.com/desktop/install/windows-install/\n\n# Clone the repository or download the latest release\n$ git clone https://github.com/rfc-st/humble.git\nhttps://github.com/rfc-st/humble/releases\n\n# Build the Docker image inside the 'humble' folder: providing the TAG as the latest Release of 'humble' (e.g. 1.58)\n# https://github.com/rfc-st/humble/releases (On Windows, this may require running the terminal with admin privileges)\n$ docker build -t humble:1.58 .\n\n# Run the analysis specifying the above TAG, along with the specific options for 'humble':\n# '-it', required: allocate a pseudo-TTY and keep input interactive.\n# '--rm', required: automatically remove the container after it exits.\n\n# (Linux/macOS)\n# E.g. 
Analyze https://google.com (brief analysis)\n$ docker run -it --rm --name humble humble:1.58 /bin/bash -c \"python3 humble.py -u https://google.com -b\"\n\n# (Windows)\n# E.g. Analyze https://google.com (detailed analysis)\n$ docker run -it --rm --name humble humble:1.58 python3 humble.py -u https://google.com\n\n# (Optional) Remove and untag the previous 'humble' image after upgrading\n$ docker rmi humble:1.58\n```\n\n## Installation \u0026 update (Kali Linux)\n\n\u003e [!NOTE]\n\u003e Python 3.11 or higher is required.\n\n```bash\n# Verify that the output contains 'Homepage: https://github.com/rfc-st/humble'\n$ apt show humble\n\n# Install 'humble'\n$ sudo apt install humble\n\n# Analyze! :)\n$ humble -u https://google.com\n\n# Updating 'humble' (monthly)\n$ sudo apt update\n$ sudo apt install --only-upgrade humble\n```\n\n## Usage\n\n```console\n(Windows) $ py humble.py\n(Linux)   $ python3 humble.py\n(macOS)   $ python3 humble.py\n\nusage: humble.py [-h] [-a] [-b] [-c] [-cicd] [-df] [-e [TESTSSL_PATH]] [-f [FINGERPRINT_TERM]] [-g] [-grd] [-H REQUEST_HEADER] [-if INPUT_FILE] [-l {es}] [-lic]\n                 [-o {csv,html,json,pdf,txt,xlsx,xml}] [-of OUTPUT_FILE] [-op OUTPUT_PATH] [-p PROXY] [-r] [-s [SKIP_HEADERS ...]] [-u URL] [-ua USER_AGENT] [-v]\n\n'humble' (HTTP Headers Analyzer) | https://github.com/rfc-st/humble | v.2026-02-14\n\noptions:\n  -h, --help                           show this help message and exit\n  -a                                   Print statistics of the performed analysis; if the '-u' parameter is omitted they will be global\n  -b                                   Print overall findings; if omitted detailed ones will be printed\n  -c                                   Checks URL response HTTP headers for compliance with OWASP 'Secure Headers Project' best practices\n  -cicd                                Print only analysis summary, totals and grade in JSON; suitable for CI/CD\n  -df                                  Do not follow 
redirects; if omitted the last redirection will be the one analyzed\n  -e [TESTSSL_PATH]                    Print only TLS/SSL checks; requires the PATH of testssl (https://testssl.sh/)\n  -f [FINGERPRINT_TERM]                Print fingerprint statistics; if 'FINGERPRINT_TERM' (E.g., 'Google') is omitted the top 20 results will be printed\n  -g                                   Print guidelines for enabling security HTTP response headers on popular frameworks, servers and services\n  -grd                                 Print the checks to grade an analysis, along with advice for improvement\n  -H REQUEST_HEADER                    Adds REQUEST_HEADER to the request; must be in double quotes and can be used multiple times, e.g. -H \"Host: example.com\"\n  -if INPUT_FILE                       Analyzes 'INPUT_FILE': must contain HTTP response headers and values separated by ': '; E.g., 'server: nginx'\n  -l {es}                              Defines the language for displaying analysis, errors and messages; if omitted, will be printed in English\n  -lic                                 Print the license for 'humble', along with permissions, limitations and conditions\n  -o {csv,html,json,pdf,txt,xlsx,xml}  Exports analysis to 'humble_scheme_URL_port_yyyymmdd_hhmmss_language.ext' file\n  -of OUTPUT_FILE                      Exports analysis to 'OUTPUT_FILE'; if omitted the default filename of the parameter '-o' will be used\n  -op OUTPUT_PATH                      Exports analysis to 'OUTPUT_PATH'; must be absolute. If omitted the PATH of 'humble.py' will be used\n  -p PROXY                             Use a proxy for the analysis. E.g., 'http://127.0.0.1:8080'. If no port is specified '8080' will be used\n  -r                                   Print HTTP response headers and a detailed analysis; '-b' parameter will take priority\n  -s [SKIP_HEADERS ...]                
Skips 'deprecated/insecure' and 'missing' checks for the indicated 'SKIP_HEADERS' (separated by spaces)\n  -u URL                               Scheme, host and port to analyze. E.g., https://google.com or https://google.com:443\n  -ua USER_AGENT                       User-Agent ID from 'additional/user_agents.txt' file to use. '0' will print all and '1' is the default\n  -v, --version                        Checks for updates at https://github.com/rfc-st/humble\n\nexamples:\n  -u URL -a                            Print statistics of the analysis performed against the URL\n  -u URL -b                            Analyzes the URL and prints overall findings\n  -u URL -b -o csv                     Analyzes the URL and exports overall findings to CSV format\n  -u URL -l es                         Analyzes the URL and prints (in Spanish) detailed findings\n  -u URL -o pdf                        Analyzes the URL and exports detailed findings to PDF format\n  -u URL -o html -of test              Analyzes the URL and exports detailed findings to HTML format and 'test' filename\n  -u URL -o pdf -op D:/Tests           Analyzes the URL and exports detailed findings to PDF format and 'D:/Tests' path\n  -u URL -p http://127.0.0.1:8080      Analyzes the URL using 'http://127.0.0.1:8080' as the proxy\n  -u URL -r                            Analyzes the URL and prints detailed findings along with HTTP response headers\n  -u URL -s ETag NEL                   Analyzes the URL and skips 'deprecated/insecure' and 'missing' checks for 'ETag' and 'NEL' headers\n  -u URL -ua 4                         Analyzes the URL using the fourth User-Agent of 'additional/user_agents.txt' file\n  -a -l es                             Print statistics (in Spanish) of the analysis performed against all URLs\n  -f Google                            Print HTTP fingerprint headers related to the term 'Google'\n\nwant to contribute?:\n  How to                               
https://github.com/rfc-st/humble/blob/master/CONTRIBUTING.md\n  References (classes and functions)   https://humble.readthedocs.io/en/latest/references.html\n  Acknowledgements                     https://github.com/rfc-st/humble/#acknowledgements\n```\n\n## Advanced usage (Linux)\n\n.: Show only the deprecated headers/protocols and insecure values.\u003cbr /\u003e\n\n```\n$ python3 humble.py -u https://en.wikipedia.org/ | sed -n '/\\[4/,/^\\[5/ { /^\\[5/!p }' | sed '$d' | sed $'1i \\n'\n```\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_adv_linux_3.jpg\" alt=\"Show only the deprecated headers/protocols and insecure values (Linux)\"\u003e\n\n\n.: Check for HTTP client errors (4XX).\u003cbr /\u003e\n\n```\n$ python3 humble.py -u https://my.prelude.software/demo/index.pl | grep -A1 -B5 'Note : \\|Nota : ' --color=never\n```\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_adv_linux_4.jpg\" alt=\"Check for HTTP client errors (4XX) (Linux)\"\u003e\n\n\n.: Analyze multiple URLs and save the results as PDFs; thanks \u003ca href=\"https://www.linkedin.com/in/eduardo-boronat/\"\u003eEduardo\u003c/a\u003e for this example!.\u003cbr /\u003e\n\n```\n$ datasets=('https://facebook.com' 'https://github.com' 'https://www.spacex.com'); for dataset in \"${datasets[@]}\"; do python3 humble.py -u \"$dataset\" -o pdf; done\n```\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_adv_linux_5.jpg\" alt=\"Analyze multiple URLs and save the results as PDFs\"\u003e\n\n## Unit tests\n\u003e [!IMPORTANT]\n\u003e Before running unit tests and code coverage ensure that the following domains are accessible and that the *tests* folder has permission to create and delete files and folders:\n\u003e - https://en.wikipedia.org\n\u003e - https://github.com\n\u003e - https://google.com\n\u003e - https://httpbin.org\n\u003e - https://microsoft.com\n\n.: (Linux) - All tests passed successfully (showing all 
messages in English).\u003cbr /\u003e\n```\n$ cd \u003chumble dir\u003e\n$ cd tests\n(Linux)   $ python test_humble.py -l en\n(Windows) $ py test_humble.py -l en\n```\n\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_tests_ok.PNG\" alt=\"(Linux) - All tests passed successfully\"\u003e\n\n.: (Linux) - Code coverage (currently disabled in Windows).\u003cbr /\u003e\n```\n$ cd \u003chumble dir\u003e\n$ cd tests\n$ pytest test_humble.py --cov-config=.coveragerc --cov=.. --cov-report=html --tb=no -rA -q -v -W ignore -p no:cacheprovider -o dont_write_bytecode=True\n$ cd humble_coverage_report\nOpen the index.html file in a browser.\n```\n\n\u003cimg src=\"https://github.com/rfc-st/humble/blob/master/screenshots/humble_code_coverage.PNG\" alt=\"(Linux) - Code coverage\"\u003e\n\n\u003e [!IMPORTANT]\n\u003e After reviewing the code coverage, you can delete the following items from the *tests* directory **keeping the rest**:\n\u003e\n\u003e - *humble_coverage_report* folder\n\u003e - *.coverage* file\n\n\u003e [!TIP]\n\u003e Parameters used in \u003ca target=\"_blank\" href=\"https://docs.pytest.org/en/stable/reference/reference.html\"\u003epytest\u003c/a\u003e and \u003ca target=\"_blank\" href=\"https://pytest-cov.readthedocs.io/en/latest/config.html\"\u003epytest-cov\u003c/a\u003e:\n\u003e\n\u003e - `--cov-config=.coveragerc`: Specifies the coverage configuration file\n\u003e - `--cov=..`: Specifies what code to measure coverage for\n\u003e - `--cov-report=html`: Defines the coverage report format\n\u003e - `--tb=no`: Does not show tracebacks for failed tests\n\u003e - `-rA`: Show all extra test summary info\n\u003e - `-q`: Quiet mode (during the analysis)\n\u003e - `-v`: Verbose mode (after the analysis)\n\u003e - `-W ignore`: Ignore all warnings during test execution\n\u003e - `-p no:cacheprovider`: Prevents creation of `.pytest_cache`\n\u003e - `-o dont_write_bytecode=True`: Prevents creation of `__pycache__` folders\n\n## Quality, 
style and security tools\n\n*humble* has enabled the following workflows:\n\n- \u003ca href=\"https://github.com/PyCQA/bandit-action\" target=\"_blank\"\u003eBandit\u003c/a\u003e\n- \u003ca href=\"https://codeql.github.com/\" target=\"_blank\"\u003eCodeQl\u003c/a\u003e\n- \u003ca href=\"https://docs.github.com/en/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide\" target=\"_blank\"\u003eDependabot\u003c/a\u003e\n- \u003ca href=\"https://github.com/marketplace/actions/vulture-github-action\" target=\"_blank\"\u003evulture\u003c/a\u003e\n\nIt is also reviewed with the following extensions in Visual Studio Code:\n\n- \u003ca href=\"https://marketplace.visualstudio.com/items?itemName=ms-python.flake8\" target=\"_blank\"\u003eFlake8\u003c/a\u003e\n- \u003ca href=\"https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarlint-vscode\" target=\"_blank\"\u003eSonarQube for IDE\u003c/a\u003e\n- \u003ca href=\"https://marketplace.visualstudio.com/items?itemName=sourcery.sourcery\" target=\"_blank\"\u003eSourcery\u003c/a\u003e\n\nAnd is regularly audited manually using the following tools (for each of them, I indicate how I use them):\n\n- \u003ca href=\"https://pypi.org/project/bandit/\" target=\"_blank\"\u003eBandit\u003c/a\u003e: `bandit -r /home/bluesman/humble_venv/humble --severity-level high`\n- \u003ca href=\"https://github.com/nocomplexity/codeaudit\" target=\"_blank\"\u003eCodeaudit\u003c/a\u003e: `codeaudit filescan humble.py --n`\n- \u003ca href=\"https://github.com/rohaquinlop/complexipy\" target=\"_blank\"\u003eComplexipy\u003c/a\u003e: `complexipy . 
--exclude /home/bluesman/humble_venv/humble/tests`\n- \u003ca href=\"https://github.com/opengrep/opengrep\" target=\"_blank\"\u003eopengrep\u003c/a\u003e: `opengrep scan --taint-intrafile --config /home/bluesman/humble_venv/opengrep-rules/python .`\n- \u003ca href=\"https://github.com/joerick/pyinstrument\" target=\"_blank\"\u003epyinstrument\u003c/a\u003e: `pyinstrument -r html humble.py -u https://google.com`\n- \u003ca href=\"https://github.com/rubik/radon\" target=\"_blank\"\u003eradon\u003c/a\u003e: `radon cc humble.py -s -a`\n- \u003ca href=\"https://github.com/semgrep/semgrep\" target=\"_blank\"\u003esemgrep\u003c/a\u003e: `semgrep scan --config p/python humble.py`\n- \u003ca href=\"https://github.com/jendrikseipp/vulture\" target=\"_blank\"\u003evulture\u003c/a\u003e: `vulture --min-confidence 60 humble.py`\n\n## Checks: enabled headers\n\nCheck \u003ca href=\"https://github.com/rfc-st/humble/blob/master/additional/security.txt\"\u003ethis\u003c/a\u003e file.\n\n## Checks: missing headers\n\nCheck \u003ca href=\"https://github.com/rfc-st/humble/blob/master/additional/missing.txt\"\u003ethis\u003c/a\u003e file.\n\n## Checks: fingerprint headers\n\nCheck \u003ca href=\"https://github.com/rfc-st/humble/blob/master/additional/fingerprint.txt\"\u003ethis\u003c/a\u003e file.\n\n## Checks: deprecated headers/protocols and insecure values\n\nCheck \u003ca href=\"https://github.com/rfc-st/humble/blob/master/additional/insecure.txt\"\u003ethis\u003c/a\u003e file.\n\u003e [!NOTE]\n\u003e _humble_ tries to be **strict**: both in checking HTTP response headers and their values; some of these headers may be \u003ca href=\"https://developer.mozilla.org/en-US/docs/MDN/Writing_guidelines/Experimental_deprecated_obsolete\"\u003eexperimental\u003c/a\u003e and you may not agree with all the results after analysis.\n\u003e \n\u003e And that's **OK**! 
:smiley:; you should **never** blindly trust the results of security tools: there should be further work to decide whether the risk is non-existent, potential or real depending on the analyzed URL (its exposure, environment, etc).\n\n## Checks: empty values\n\nAny HTTP response header.\n\n## Guidelines included to enable security HTTP headers\n* Amazon Web Services\n* Angular\n* Apache HTTP Server\n* Cloudflare\n* LiteSpeed Web Server\n* Microsoft Internet Information Services\n* Nginx\n* Node.js\n* Spring\n* WordPress\n\n## To-Do\n- [ ] Add more Header/Value checks (only security-oriented)\n\n## Further reading\n* Web browsers' experimental features, roadmaps, technology previews and trials:\u003cbr /\u003e\n\u003ca href=\"https://chromestatus.com/roadmap\"\u003eGoogle Chrome\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://developer.microsoft.com/en-us/microsoft-edge/origin-trials/trials\"\u003eMicrosoft Edge\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://wiki.mozilla.org/Origin_Trials\"\u003eMozilla Firefox\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://blogs.opera.com/desktop/category/developer-2/\"\u003eOpera\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://webkit.org/blog/\"\u003eSafari\u003c/a\u003e\u003cbr /\u003e\n\n* Similar tools on GitHub:\u003cbr /\u003e\n\u003ca href=\"https://github.com/search?q=http+headers+analyze\"\u003e'HTTP Headers Analyze'\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/search?q=http+headers+secure\"\u003e'HTTP Headers Secure'\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/search?q=http+headers+security\"\u003e'HTTP Headers Security'\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://owasp.org/www-project-secure-headers/#div-technical\"\u003eOWASP Secure Headers Project\u003c/a\u003e\u003cbr /\u003e\n\n* References and standards:\u003cbr /\u003e\n\u003ca href=\"https://caniuse.com/\"\u003eCan I use?\u003c/a\u003e\u003cbr /\u003e\n\u003ca 
href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers\"\u003eMozilla Developer Network\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://www.w3.org/TR/\"\u003eWorld Wide Web Consortium\u003c/a\u003e\u003cbr /\u003e\n\n* Additional information:\u003cbr /\u003e\n\u003ca href=\"https://webtechsurvey.com/common-response-headers\"\u003eCommon response headers\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://securityheaders.com/\"\u003eSecurity Headers (HTTP response header analyzer)\u003c/a\u003e\u003cbr /\u003e\n\u003ca href=\"https://scotthelme.co.uk/\"\u003eScott Helme (Security Researcher)\u003c/a\u003e\u003cbr /\u003e\n\n## Contribute\n* Read \u003ca href=\"https://github.com/rfc-st/humble/blob/master/CONTRIBUTING.md\"\u003ethis\u003c/a\u003e first!.\n* Report a \u003ca href=\"https://github.com/rfc-st/humble/issues/new?assignees=\u0026labels=\u0026template=bug_report.md\u0026title=\"\u003eBug\u003c/a\u003e.\n* Create a \u003ca href=\"https://github.com/rfc-st/humble/issues/new?assignees=\u0026labels=\u0026template=feature_request.md\u0026title=\"\u003eFeature request\u003c/a\u003e.\n* Report a \u003ca href=\"https://github.com/rfc-st/humble/security/policy\"\u003eSecurity Vulnerability\u003c/a\u003e.\n* Send me your suggestions: rafael.fcucalon@gmail.com\n* Or use that email to tell me about integrations of this tool in others!\n* And to recommend me a good Blues! 
:sunglasses:\n\nThanks for downloading _humble_, for trying it and for your time!.\n\n## Acknowledgements\n* All the authors/teams of these quality, style and security [tools](#quality-style-and-security-tools): you rock :metal:!.\n* \u003ca href=\"https://github.com/1nabillion\"\u003e1nabillion\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/31\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://stackoverflow.com/users/8665970/aniket-navlur\"\u003eAniket Navlur\u003c/a\u003e for \u003ca href=\"https://stackoverflow.com/questions/19596750/is-there-a-way-to-clear-your-printed-text-in-python/52590238#52590238\"\u003ethis\u003c/a\u003e gem.\n* \u003ca href=\"https://github.com/Azathothas\"\u003eAzathothas\u003c/a\u003e for reporting \u003ca href=\"https://github.com/rfc-st/humble/issues/4\"\u003ethis\u003c/a\u003e bug.\n* \u003ca href=\"https://github.com/bulaktm\"\u003ebulaktm\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/5\"\u003ethis\u003c/a\u003e suggestion.\n* \u003ca href=\"https://github.com/confuciussayuhm\"\u003econfuciussayuhm \u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/pull/23\"\u003ethis\u003c/a\u003e suggestion.\n* \u003ca href=\"https://github.com/cr4zyfish\"\u003ecr4zyfish \u003c/a\u003e for some of \u003ca href=\"https://github.com/rfc-st/humble/issues/19\"\u003ethese\u003c/a\u003e suggestions.\n* \u003ca href=\"https://parrotsec.org/team/\"\u003edanterolle\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/commit/88a4e5e930083801b0ea2f4ab5f51730f72c9ebf\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://www.linkedin.com/in/david-boronat/\"\u003eDavid\u003c/a\u003e for believing in the usefulness of this tool.\n* \u003ca href=\"https://www.linkedin.com/in/eduardo-boronat/\"\u003eEduardo\u003c/a\u003e for the first Demo and the example \u003ci\u003e\"(Linux) - Analyze multiple URLs and save the results as PDFs\"\u003c/i\u003e.\n* \u003ca 
href=\"https://github.com/gl4nce\"\u003egl4nce\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/6\"\u003ethis\u003c/a\u003e suggestion.\n* İDRİS BUDAK for reporting the need to \u003ca href=\"https://github.com/rfc-st/humble/commit/f85dd7811859fd2e403a0ecd848b21db20949841\"\u003ethis\u003c/a\u003e check.\n* \u003ca href=\"https://github.com/ilLuSion-007\"\u003eilLuSion-007\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/pull/32\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://github.com/javelinsoft\"\u003ejavelinsoft\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/commit/1f50e7109411b5b15c9a75ccb7760a8f16db7c65\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://www.linkedin.com/in/jdelamo/\"\u003eJulio\u003c/a\u003e for testing on macOS and for \u003ca href=\"https://github.com/rfc-st/humble/commit/e5f16f51dbb8b8e7d5d4b41797055899f399a69b\"\u003ethis\u003c/a\u003e suggestion.\n* \u003ca href=\"https://github.com/kazet\"\u003ekazet\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/pull/18\"\u003ethis\u003c/a\u003e suggestion.\n* \u003ca href=\"https://github.com/manuel-sommer\"\u003emanuel-sommer\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/8\"\u003ethis\u003c/a\u003e, \u003ca href=\"https://github.com/rfc-st/humble/issues/10\"\u003ethis\u003c/a\u003e and \u003ca href=\"https://github.com/rfc-st/humble/issues/13\"\u003ethis\u003c/a\u003e!.\n* \u003ca href=\"https://github.com/mfabbri\"\u003emfabbri\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/25\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://github.com/mgrottenthaler\"\u003emgrottenthaler\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/27\"\u003ethis\u003c/a\u003e and \u003ca href=\"https://github.com/rfc-st/humble/issues/33\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://github.com/MikeAnast\"\u003eMikeAnast\u003c/a\u003e for \u003ca 
href=\"https://github.com/rfc-st/humble/pull/22\"\u003eseveral\u003c/a\u003e suggestions.\n* \u003ca href=\"https://github.com/multipartninja\"\u003emultipartninja\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/35\"\u003ethis\u003c/a\u003e and \u003ca href=\"https://github.com/rfc-st/humble/issues/36\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://github.com/n3bojs4\"\u003en3bojs4\u003c/a\u003e, \u003ca href=\"https://github.com/ehlewis\"\u003eehlewis\u003c/a\u003e and \u003ca href=\"https://github.com/dkadev\"\u003edkadev\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/7\"\u003ethis\u003c/a\u003e and \u003ca href=\"https://github.com/rfc-st/humble/pull/16\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://www.kali.org/about-us/\"\u003eSophie Brun\u003c/a\u003e for keeping 'humble' updated in \u003ca href=\"https://pkg.kali.org/pkg/humble\"\u003eKali Linux\u003c/a\u003e and for \u003ca href=\"https://github.com/rfc-st/humble/commit/88a4e5e930083801b0ea2f4ab5f51730f72c9ebf\"\u003ethis\u003c/a\u003e.\n* \u003ca href=\"https://github.com/stanley101music\"\u003estanley101music\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/14\"\u003ethis\u003c/a\u003e, \u003ca href=\"https://github.com/rfc-st/humble/issues/15\"\u003ethis\u003c/a\u003e and \u003ca href=\"https://github.com/rfc-st/humble/issues/17\"\u003ethis\u003c/a\u003e!.\n* \u003ca href=\"https://github.com/vincentcox\"\u003evincentcox\u003c/a\u003e for \u003ca href=\"https://github.com/rfc-st/humble/issues/19#issuecomment-2466643368\"\u003ethis\u003c/a\u003e and \u003ca href=\"https://github.com/rfc-st/humble/pull/24\"\u003ethis\u003c/a\u003e.\n\n## License\n\nMIT © 2020-2026 Rafa 'Bluesman' Faura (rafael.fcucalon@gmail.com)\u003cbr/\u003e\nOriginal Creator - Rafa 'Bluesman' Faura 
(rafael.fcucalon@gmail.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frfc-st%2Fhumble","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frfc-st%2Fhumble","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frfc-st%2Fhumble/lists"}