{"id":25332445,"url":"https://github.com/stanfrbd/security_headers_check","last_synced_at":"2025-04-08T07:45:52.396Z","repository":{"id":37394597,"uuid":"505724166","full_name":"stanfrbd/security_headers_check","owner":"stanfrbd","description":"Using the Security Headers website to check websites from command line","archived":false,"fork":false,"pushed_at":"2023-12-29T11:08:23.000Z","size":38,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-14T04:52:13.563Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stanfrbd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security_headers_check.py","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-06-21T06:51:00.000Z","updated_at":"2023-12-22T09:04:23.000Z","dependencies_parsed_at":"2023-12-28T09:44:35.995Z","dependency_job_id":null,"html_url":"https://github.com/stanfrbd/security_headers_check","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stanfrbd%2Fsecurity_headers_check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stanfrbd%2Fsecurity_headers_check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stanfrbd%2Fsecurity_headers_check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stanfrbd%2Fsecurity_headers_check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stanfrbd","download_url":"https://codeload.github.com/stanfrbd/security_headers_check/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247801185,"owners_count":20998331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-14T04:52:15.391Z","updated_at":"2025-04-08T07:45:52.376Z","avatar_url":"https://github.com/stanfrbd.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# security_headers_check\n\n## Install dependencies\n\nYou might want to create a [`venv`](https://docs.python.org/3/library/venv.html) before installing the dependencies.\n\n```\npip install -r requirements.txt\n```\n\n## Usage\n\n```\nusage: security_headers_check.py [-h] [-u URL] [-i INPUT_FILE] [-f {csv,xlsx}]\n\noptions:\n  -h, --help            show this help message and exit\n  -u URL, --url URL     http://example.com -- it will export to csv in the current directory\n  -i INPUT_FILE, --input-file INPUT_FILE\n                        Choose the path to input file containing URLs e.g. \"test.txt\" -- it will export to csv in the\n                        current directory\n  -f {csv,xlsx}, --format {csv,xlsx}\n                        Choose the export format: csv (default) or xlsx\n```\n\n## Proxy\n\nIf you need to use a proxy, then write it at the beginning of the script in the variable `proxy`.\n\n```\n# Your proxy here...\nproxy = \"http://your.proxy.there:8080\"\n```\n\n## Using a single domain\n\n```\npython3 security_headers_check.py -u example.com\n```\n\n## Using a file containing domains\n\n```\npython3 security_headers_check.py -i sample.txt\n```\n\n## Content of sample.txt\n\n```\nduckduckgo.com\ngoogle.com\nfacebook.com\nexample.com\ntoto.cuik\n```\n\n## Result of execution\n\n```\nTitle:  Scan results for duckduckgo.com\nScore:  A\nURL:    https://securityheaders.com/?q=duckduckgo.com\u0026followRedirects=on\nHTTP Forwarding:  No forwarding\n\nTitle:  Scan results for google.com\nScore:  C\nURL:    https://securityheaders.com/?q=google.com\u0026followRedirects=on\nHTTP Forwarding:  https://www.google.com/\n\nTitle:  Scan results for facebook.com\nScore:  A\nURL:    https://securityheaders.com/?q=facebook.com\u0026followRedirects=on\nHTTP Forwarding:  No forwarding\n\nTitle:  Scan results for example.com\nScore:  F\nURL:    https://securityheaders.com/?q=example.com\u0026followRedirects=on\nHTTP Forwarding:  No forwarding\n\nTitle:  Scan results for toto.cuik\nScore:  Unknown\nURL:    https://securityheaders.com/?q=toto.cuik\u0026followRedirects=on\nHTTP Forwarding:  Unreachable\n\nGenerated CSV: ./security-headers-2023-12-28-09_35_40-export.csv\n```\n\nSince `toto.cuik` is not available for scanning, we don't know its score.\n\n## Content of the CSV\n\n```\nsite,score,httpforwarding,missing_required_headers,missing_optional_headers,warnings,security_headers_url\nduckduckgo.com,A,No forwarding,No issue,No issue,,https://securityheaders.com/?q=duckduckgo.com\u0026followRedirects=on\ngoogle.com,D,https://www.google.com/,Content-Security-Policy | X-Content-Type-Options | ,Permissions-Policy | Referrer-Policy | ,,https://securityheaders.com/?q=google.com\u0026followRedirects=on\nfacebook.com,A,https://www.facebook.com/,No issue,Permissions-Policy | Referrer-Policy | ,Warnings - Content-Security-PolicyThis policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive. This policy contains 'unsafe-inline' which is dangerous in the script-src directive. This policy contains 'unsafe-eval' which is dangerous in the script-src directive. This policy contains 'unsafe-inline' which is dangerous in the style-src directive.   - ,https://securityheaders.com/?q=facebook.com\u0026followRedirects=on\nexample.com,F,No forwarding,Content-Security-Policy | X-Content-Type-Options | ,X-Frame-Options | Permissions-Policy | Referrer-Policy | ,Warnings - Site is using HTTPThis site was served over HTTP and did not redirect to HTTPS.  - ,https://securityheaders.com/?q=example.com\u0026followRedirects=on\ntoto.cuik,Unknown,Unreachable,Unknown,Unknown,Unknown,https://securityheaders.com/?q=toto.cuik\u0026followRedirects=on\n```\n\n## Using a file containing domains with Excel export\n\n```\npython3 security_headers_check.py -i sample.txt -f xlsx\n```\n\n## Result of execution in Excel\n\n![image](https://user-images.githubusercontent.com/44167150/225928301-e5f3bfeb-af6a-416f-a286-7f26b17ffc2c.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstanfrbd%2Fsecurity_headers_check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstanfrbd%2Fsecurity_headers_check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstanfrbd%2Fsecurity_headers_check/lists"}