Check headers for OWASP recommendations

The HTTPHeaderCheck tool on binsec.tools is a free online utility designed to assess the HTTP security headers of a website, aligning with OWASP (Open Web Application Security Project) best practices. It evaluates the presence and configuration of various HTTP headers that are crucial for web security.

• Strict-Transport-Security (HSTS): Enforces secure (HTTPS) connections to the server.
• X-Frame-Options: Protects against clickjacking by controlling whether the site can be framed.
• X-Content-Type-Options: Prevents MIME type sniffing.
• Content-Security-Policy (CSP): Helps detect and mitigate certain types of attacks, including Cross Site Scripting (XSS).
• X-Permitted-Cross-Domain-Policies: Restricts Adobe Flash and Acrobat from loading data.
• Referrer-Policy: Governs which referrer information should be included with requests.
• Cross-Origin Resource Sharing (CORS) Headers: Includes headers like Cross-Origin-Resource-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Opener-Policy to manage resource sharing across origins.
• Cache-Control: Directs caching mechanisms in browsers.
• Deprecation Awareness: The tool identifies deprecated headers, such as Feature-Policy, Expect-CT, Public-Key-Pins, X-XSS-Protection, and Pragma, advising against their use in modern web applications.