Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
Wann dieses Rezept verwenden
Run this audit before launching any web application. Security headers protect against XSS, clickjacking, and other common attacks. Many compliance standards require proper header configuration.
Schritte
Security Header Checker
Dieses Werkzeug ausprobieren →Audit existing security headers
CSP Generator
Dieses Werkzeug ausprobieren →Create a proper CSP policy
CSP Evaluator
Dieses Werkzeug ausprobieren →Verify the CSP is secure
CORS Header Generator
Dieses Werkzeug ausprobieren →Configure CORS properly
Häufig gestellte Fragen
What's the most important security header?
Content-Security-Policy (CSP) is the most impactful as it prevents XSS attacks. Strict-Transport-Security (HSTS) is also critical for HTTPS enforcement.
How often should I audit security headers?
Audit after every deployment and at least monthly. New third-party scripts or CDN changes may require CSP updates.
Verwandte Rezepte
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.
SSL Certificate Verification
Decode and verify SSL certificates, check expiration, and generate secure RSA keys for renewal.