Analyze HTTP response headers and security configuration
Due to CORS restrictions, this tool demonstrates header analysis with simulated data. Use curl or browser DevTools for live header inspection.
HTTP headers are key-value pairs sent between client and server in HTTP requests and responses. They contain metadata about the request/response such as content type, caching instructions, and security policies.
Key security headers include: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security (HSTS), Referrer-Policy, and Permissions-Policy.
HTTP Strict Transport Security (HSTS) tells browsers to always use HTTPS. The Strict-Transport-Security header, with its max-age directive, prevents protocol downgrade attacks.
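The check described above can be run offline against saved `curl -sI` output. The following is an added example, not this tool's own code: it reports which of the six listed headers are absent and flags weak HSTS max-age values. The sample response is constructed, and the function names and the 180-day threshold are assumptions.

```python
# The six headers the page lists as key security headers.
SECURITY_HEADERS = ["Content-Security-Policy", "X-Frame-Options", "X-Content-Type-Options",
                    "Strict-Transport-Security", "Referrer-Policy", "Permissions-Policy"]

# Constructed sample of `curl -sI` output (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=300; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

"""

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            # Keep the first occurrence: RFC 6797 has browsers process only the first HSTS header.
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def parse_hsts(value):
    """Return (max_age or None, include_subdomains) for an HSTS header value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def audit(raw, min_max_age=15552000):          # assumed threshold: 180 days
    """List missing security headers and weak HSTS settings."""
    headers = parse_headers(raw)
    findings = [f"missing: {h}" for h in SECURITY_HEADERS if h.lower() not in headers]
    if "strict-transport-security" in headers:
        max_age, _ = parse_hsts(headers["strict-transport-security"])
        if max_age is None:
            findings.append("HSTS: no valid max-age (required directive)")
        elif max_age == 0:
            findings.append("HSTS: max-age=0 tells the browser to drop the policy")
        elif max_age < min_max_age:
            findings.append(f"HSTS: max-age {max_age} below threshold {min_max_age}")
    return findings
```

Calling audit(SAMPLE) returns the three missing headers plus the short max-age finding. Browsers honor HSTS only when it arrives over HTTPS, so audit the response from the https:// URL.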