Header Input
Paste full HTTP response headers once. The analyzers below reuse this input.
CSP Analyzer
Analyzes the Content-Security-Policy header from the shared header input above.
Cookie Security Analyzer
Extracts and analyzes Set-Cookie headers from the shared header input above.
CORS Header Analyzer
Evaluates Access-Control-* headers from the shared header input above for risky combinations.
Remediation Guidance
- Security Headers: Implement CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers.
- Cookie Security: Always use Secure, HttpOnly, and SameSite attributes on session cookies.
- TLS/SSL: Use TLS 1.2+ only, disable weak ciphers, implement HSTS with long max-age.
- CORS: Configure explicit allowed origins, avoid wildcards, validate Origin headers server-side.
- Server Info: Remove or obscure Server, X-Powered-By headers to reduce information disclosure.
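An added example, not part of this tool's own code, showing the checks the cookie, CORS and server-info guidance above implies, run over a constructed header block (the header values are invented, not captured from any real server):

```python
# Constructed sample response headers; not captured from a real server.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: Apache/2.4.1
X-Powered-By: PHP/7.4
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: sessionid=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure; SameSite=Lax
Content-Type: text/html
"""

def parse_headers(raw):
    """Split raw response headers into (name, value) pairs; repeated headers such as Set-Cookie are kept."""
    pairs = []
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line, blank line, or body text
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def analyze_cookies(pairs):
    """Map each cookie name to the attributes it lacks among Secure, HttpOnly and SameSite."""
    findings = {}
    for name, value in pairs:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings[cookie_name] = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
    return findings

def analyze_cors(pairs):
    """Return risky Access-Control-* findings visible from a single response."""
    h = dict(pairs)
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    issues = []
    if acao == "*":
        issues.append("wildcard Access-Control-Allow-Origin")
    if acao.lower() == "null":
        issues.append("null origin allowed")  # sandboxed iframes and file: pages send Origin: null
    if creds and acao.lower() in ("*", "null"):
        issues.append("credentials allowed with an untrusted origin value")
    return issues

def disclosure_headers(pairs):
    """List version-disclosing headers that the guidance says to remove or obscure."""
    return sorted(name for name, _ in pairs if name in ("server", "x-powered-by"))
```

Whether a non-wildcard origin is merely reflected from the request cannot be judged from one response; that check needs a second request with a different Origin.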