Full Security Headers Audit
Complete security headers audit: check all headers, generate missing ones, and evaluate the overall security posture.
When to use this recipe
Quarterly security headers audit for compliance and vulnerability prevention. Covers OWASP recommended headers and ensures they work together cohesively.
Steps
Security Header Checker
Try this tool → Audit existing headers
CSP Generator
Try this tool → Generate missing CSP
CSP Evaluator
Try this tool → Grade the CSP
CORS Generator
Try this tool → Align CORS with CSP
SRI Hash Generator
Try this tool → Add integrity protection
Frequently asked questions
What security grade should I aim for?
A+ on securityheaders.com. Required headers: CSP, HSTS (with preload), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy.
Can security headers break my site?
Yes, especially CSP. Deploy it in report-only mode first. HSTS with preload is permanent, so test thoroughly before enabling it. X-Frame-Options: DENY blocks all framing of your pages, including your own embeds.
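The two answers above can be turned into a repeatable check. The following is an added example, not one of this site's tools: it takes a response's headers as a dict, lists which of the six required headers are missing, and flags the breakage risks named above. The function name, the sample response and the warning texts are constructed for illustration; the HSTS thresholds are the preload list's submission requirements.

```python
import re

# The six headers the FAQ lists as required for the top grade.
REQUIRED = [
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
]

def audit_headers(raw_headers):
    """Return (missing, warnings) for a dict of HTTP response headers."""
    h = {k.lower(): v.strip() for k, v in raw_headers.items()}
    missing = [name for name in REQUIRED if name not in h]
    warnings = []
    # A report-only CSP is the safe rollout step, but it enforces nothing yet.
    if "content-security-policy" in missing and "content-security-policy-report-only" in h:
        warnings.append("CSP is report-only: violations are reported, not blocked")
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        directives = [d.strip().lower() for d in hsts.split(";")]
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        max_age = int(m.group(1)) if m else 0
        if "preload" not in directives:
            warnings.append("HSTS has no preload directive")
        elif max_age < 31536000 or "includesubdomains" not in directives:
            # Preload list submission needs one year max-age and includeSubDomains.
            warnings.append("HSTS preload needs max-age>=31536000 and includeSubDomains")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        warnings.append("X-Content-Type-Options must be nosniff")
    if h.get("x-frame-options", "").upper() == "DENY":
        warnings.append("X-Frame-Options: DENY also blocks framing by your own pages")
    return missing, warnings

# Constructed sample response: CSP still in rollout, weak HSTS, no Permissions-Policy.
SAMPLE = {
    "Content-Security-Policy-Report-Only": "default-src 'self'; report-uri /csp-report",
    "Strict-Transport-Security": "max-age=86400; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    missing, warnings = audit_headers(SAMPLE)
    print("missing:", missing)
    for w in warnings:
        print("warning:", w)
```

Feed it the headers from a staging response during each quarterly audit; an empty `missing` list with no warnings means all six headers are present and none of the flagged pitfalls apply.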
Related recipes
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.