header_analyzer
Analyze HTTP response headers to identify security configurations, caching directives, CORS settings, and server details while providing a security assessment grade.
Instructions
Analyze HTTP response headers for security (HSTS, CSP, X-Frame-Options, etc.), caching directives, CORS configuration, cookies, and server information. Provides a security grade.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| headers | No | HTTP response headers as key-value pairs to analyze | |
| url | No | Alternatively, provide a URL to fetch and analyze its response headers |
Implementation Reference
- src/tools/header-analyzer.ts:244-262 (handler)The analyzeHeaders function processes the raw headers input and orchestrates the analysis of security, caching, CORS, and cookies.
export function analyzeHeaders( headers: Record<string, string> ): HeaderAnalysis { if (!headers || Object.keys(headers).length === 0) { throw new Error("Provide a non-empty headers object to analyze"); } return { raw_headers: headers, security: analyzeSecurityHeaders(headers), caching: analyzeCaching(headers), cors: analyzeCors(headers), cookies: analyzeCookies(headers), server_info: { server: get(headers, "server"), powered_by: get(headers, "x-powered-by"), }, }; } - src/tools/header-analyzer.ts:1-11 (schema)Type definition for the output of the header_analyzer tool.
export interface HeaderAnalysis { raw_headers: Record<string, string>; security: SecurityAnalysis; caching: CachingAnalysis; cors: CorsAnalysis; cookies: CookieAnalysis[]; server_info: { server: string | null; powered_by: string | null; }; }