HTTP Security Header Scan

Features

In-depth Header Analyser

With Vulnerar's HTTP Header Scanner you can analyse your response headers in greater depth. This helps you detect and eliminate invalid or insecure configurations before they can be exploited.

Vulnerability / Risk Assessment

Vulnerar's Security Header Scanner detects a variety of vulnerabilities, including more sophisticated vulnerabilities and attacks such as cross-site scripting (XSS), clickjacking, Bootstrap Man-in-the-Middle (MITM) and many more.

Tor Onion Service Support

To give even the most critical applications the best possible protection, our scanners are able to scan your Onion Service / .onion site.

FAQ

Which headers do we analyze?
Here is a list of all headers that we analyze when scanning your site.
Additional headers are added on a regular basis.
  • Content-Security-Policy (CSP)
  • Referrer-Policy
  • Server
  • Set-Cookie
  • Strict-Transport-Security (HSTS)
  • X-Content-Type-Options
  • X-Frame-Options
  • X-Powered-By
  • X-XSS-Protection
If you want to learn more about security-related headers, visit the OWASP Secure Headers Project!
Which vulnerabilities are detected by the scanner?
The following vulnerabilities/risks can occur with a number of HTTP headers.
Keep in mind that the listed risks are potential risks, measured only from the given HTTP response headers. There is also no warranty of completeness!
  • Bootstrap Man-in-the-Middle (MITM)
  • Clickjacking
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • Information Disclosure
  • MIME sniffing
  • Reflected XSS
  • Security Misconfiguration
  • Session Hijacking
  • Form hijacking
Do we cache your scan results?
No, each scan is independent and therefore not cached.