A security-focused HTTP header analysis tool built with Go (Golang). It inspects HTTP response headers, TLS configurations, and redirect chains to help identify common web security issues and misconfigurations.
Developed by ItsWanheda.
- Cookie Security Analysis: Automated audit of Secure, HttpOnly, and SameSite flags.
- Remediation Engine: Provides specific, actionable recommendations for every missing or weak security configuration.
- Security Header Analysis: Deep inspection of CSP, HSTS, X-Frame, X-Content-Type, Referrer, and Permissions policies.
- TLS/SSL Inspection: Detects TLS versions, cipher suites, certificate metadata, and expiration status.
- Redirect Chain Tracking: Full path visualization from initial request to final destination.
- Security Scoring: Automated 0–100 scoring system with letter grades (A+ to F).
- Built-in SSRF Protection: Hardened against blind/non-blind SSRF by blocking localhost, private IP ranges, and internal network targets.
- Cyberpunk/Hacker Aesthetic: Dark-themed, high-contrast UI designed for security enthusiasts.
- Dark/Light Mode: Smooth theme toggling for comfort during late-night analysis.
- Responsive Design: Fluid layout optimized for desktops, tablets, and mobile devices.
- Interactive Feedback:
- One-Click Clipboard: Instant JSON response copying.
- Pulsing Skeleton Loaders: Smooth, professional loading states.
- Toast Notifications: Non-intrusive status updates for alerts and operations.
- REST API: JSON-based analysis endpoints and system health-check utilities.
- Historical Tracking: Compare scan results over time to detect security regressions.
- Batch Scanner: Analyze multiple subdomains or lists of URLs.
- CSP Visualizer: Graphical breakdown of CSP directives and attack surface.
- Export Options: Download comprehensive reports in JSON, CSV, or PDF formats.
- Go 1.21+
- Git
git clone https://github.com/itswanheda7737/http-header-analyzer.git
cd http-header-analyzer
go mod tidy
go run cmd/server/main.go
http://localhost:8080
http-header-analyzer/
├── cmd/
│   └── server/
│       └── main.go
│
├── internal/
│   ├── analyzer/
│   │   ├── analyzer.go
│   │   ├── security.go
│   │   ├── tls.go
│   │   ├── rules.go      # Added
│   │   └── redirects.go
│   │
│   ├── api/
│   │   └── handlers.go
│   │
│   ├── models/
│   │   ├── security.go   # Added
│   │   └── result.go
│   │
│   └── validation/
│       └── url.go
│
├── web/
│   ├── templates/
│   │   └── index.html    # updated
│   │
│   └── static/
│       ├── style.css     # updated
│       └── app.js        # updated
│
├── go.mod
├── go.sum
└── README.md
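The "Built-in SSRF Protection" feature listed above blocks localhost, private IP ranges, and internal network targets. One way to build such a guard in Go is sketched here as an added example; it is not this project's code, and the names `isBlockedIP`, `checkURL`, `safeControl` and `newClient` are hypothetical. It pairs a pre-flight URL check with a dial-time check on the address actually connected to.

```go
package main
import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"strings"
	"syscall"
	"time"
)

// isBlockedIP reports whether ip is loopback, private, link-local or otherwise internal.
func isBlockedIP(ip netip.Addr) bool {
	ip = ip.Unmap() // judge ::ffff:127.0.0.1 as 127.0.0.1
	return !ip.IsValid() || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsMulticast()
}

// checkURL is the cheap pre-flight check on user input: scheme and literal hosts.
func checkURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return fmt.Errorf("bad URL or scheme: %q", raw)
	}
	host := strings.ToLower(u.Hostname())
	ip, ipErr := netip.ParseAddr(host)
	if host == "" || host == "localhost" || (ipErr == nil && isBlockedIP(ip)) {
		return fmt.Errorf("target %q not allowed", raw)
	}
	return nil
}

// safeControl runs after DNS resolution, just before connect(), so it sees the address
// really dialed: names resolving to internal IPs, DNS rebinding, and redirect hops.
func safeControl(_, address string, _ syscall.RawConn) error {
	if ap, err := netip.ParseAddrPort(address); err != nil || isBlockedIP(ap.Addr()) {
		return fmt.Errorf("blocked destination %q", address)
	}
	return nil
}

// newClient returns an HTTP client whose every new connection passes safeControl.
func newClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: safeControl}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() { // constructed sample input
	fmt.Println(checkURL("http://[::ffff:127.0.0.1]/"))
}
```

The standard-library predicates used in `isBlockedIP` are a baseline: ranges such as 100.64.0.0/10 are not covered by them and would need an explicit prefix list.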
Endpoint
POST /api/analyze
Request body:
{
  "url": "https://example.com"
}
Response:
{
  "url": "https://example.com",
  "score": 95,
  "rating": "A",
  "issues": [
    {
      "header": "Strict-Transport-Security",
      "status": "pass",
      "severity": "High",
      "explanation": "HSTS prevents SSL stripping...",
      "remediation": "Add 'Strict-Transport-Security' header with 'max-age=63072000; includeSubDomains'."
    }
  ]
}
Endpoint
GET /api/health
Response:
{
  "status": "healthy"
}
Contributions, issues, and feature requests are welcome.
- Fork the repository
- Create a feature branch
git checkout -b feature/my-feature
- Commit your changes
git commit -m "Add my feature"
- Push to your branch
git push origin feature/my-feature
- Open a Pull Request
Distributed under the MIT License.
See the LICENSE file for more information.
- Go Standard Library
- Gorilla Mux
- Open-source security community
If you find this project useful, consider giving it a star on GitHub. It helps the project grow and reach more developers.



