Command line tool to scan security headers. Aims to be a CLI equivalent of securityheaders.io
The ideas and default rule set are based on:
- securityheaders.io
- Scott Helme - Scoring for securityheaders.io
- Scott Helme - Articles for securityheaders.io
The implementation of a rule-based Node CLI test tool has been borrowed from eslint.
To do:
- Make config extensible
- CSP check for 'unsafe-*' source expressions ('unsafe-inline', 'unsafe-eval')
- HSTS check for max-age shorter than 1 year
- HSTS check for the preload directive
- HSTS check for the includeSubDomains directive
- Server header contains a bad value
- Examples of using the tool with express and supertest
- Add integration tests
- Update output to match the formatter
- Push built package to npm
- Vary header not set
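The rules listed above, implemented as a small eslint-style rule set over a response's headers. This is an added example, not the project's own code: the rule names, the findings format, the Server-header heuristic (flagging a product name or a version number) and the sample response headers are all assumptions made for this illustration.

```javascript
// Added example (not the project's code): a minimal rule-based header checker.
// Rule names, the finding shape and the Server heuristic are assumptions.

const ONE_YEAR = 31536000; // seconds; also the minimum max-age for HSTS preload

// Parse "k=v; flag; k2=v2" header directives into a lowercase-keyed map.
// Bare directives (includeSubDomains, preload) map to true.
function parseDirectives(value) {
  const out = {};
  for (const part of String(value).split(';')) {
    const [k, v] = part.trim().split('=');
    if (k) out[k.toLowerCase()] = v === undefined ? true : v.trim();
  }
  return out;
}

// Each rule receives headers keyed in lowercase and returns an array of findings.
const rules = {
  'csp-unsafe': (h) => {
    const csp = h['content-security-policy'];
    if (!csp) return [{ rule: 'csp-unsafe', msg: 'Content-Security-Policy not set' }];
    const bad = ["'unsafe-inline'", "'unsafe-eval'"].filter((t) => csp.includes(t));
    return bad.map((t) => ({ rule: 'csp-unsafe', msg: `CSP contains ${t}` }));
  },
  hsts: (h) => {
    const hsts = h['strict-transport-security'];
    if (!hsts) return [{ rule: 'hsts', msg: 'Strict-Transport-Security not set' }];
    const d = parseDirectives(hsts);
    const findings = [];
    const maxAge = Number.parseInt(d['max-age'], 10);
    if (!Number.isFinite(maxAge) || maxAge < ONE_YEAR) {
      findings.push({ rule: 'hsts', msg: 'HSTS max-age is shorter than one year' });
    }
    if (!d.includesubdomains) {
      findings.push({ rule: 'hsts', msg: 'HSTS does not set includeSubDomains' });
    }
    // preload is only honoured by browsers' preload lists when the two checks
    // above also pass, so all three findings together mean "not preloadable".
    if (!d.preload) findings.push({ rule: 'hsts', msg: 'HSTS preload not set' });
    return findings;
  },
  'server-bad-value': (h) => {
    const server = h.server;
    if (!server) return [];
    // Assumed heuristic: a version number or a known product name is "bad"
    // because it fingerprints the stack for an attacker.
    const leaks = /\d/.test(server) || /apache|nginx|iis|express/i.test(server);
    return leaks
      ? [{ rule: 'server-bad-value', msg: `Server header reveals software: ${server}` }]
      : [];
  },
  'vary-not-set': (h) =>
    h.vary ? [] : [{ rule: 'vary-not-set', msg: 'Vary header not set' }],
};

// Normalise header names to lowercase, then run every enabled rule.
// `enabled` is the extensibility hook: pass a subset to turn rules off.
function scanHeaders(headers, enabled = Object.keys(rules)) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  return enabled.flatMap((name) => rules[name](h));
}

// Constructed sample response headers (not captured from any real site).
const sampleHeaders = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'Strict-Transport-Security': 'max-age=86400',
  Server: 'nginx/1.18.0',
  'X-Frame-Options': 'DENY',
};

for (const f of scanHeaders(sampleHeaders)) console.log(`${f.rule}: ${f.msg}`);
```

Against the constructed sample this reports six findings: one CSP 'unsafe-inline', three HSTS shortcomings (short max-age, no includeSubDomains, no preload), a Server header that leaks the product and version, and a missing Vary header. A response with `Strict-Transport-Security: max-age=63072000; includeSubDomains; preload`, a CSP without unsafe source expressions, no Server header and a Vary header produces no findings.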