Security Header Grader by Abinesh Kamal K U
Analyze HTTP security headers on any page - grade, explain misconfigurations, detect tech stack leaks, and get exact fixes. Built for pentesters and developers.
Extension Metadata
About this extension
Security Header Grader analyses the HTTP response headers of any website you visit and gives you an instant security grade (A–F), per-header scores, and actionable fix recommendations — all inside a clean popup.
What it checks (28 headers):
- Transport: Strict-Transport-Security (HSTS)
- Injection / XSS: Content-Security-Policy, X-XSS-Protection
- Clickjacking: X-Frame-Options
- MIME: X-Content-Type-Options, Content-Type
- Privacy: Referrer-Policy, Permissions-Policy, X-DNS-Prefetch-Control
- Cross-Origin Isolation: COOP, COEP, CORP
- CORS: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Cookies: Set-Cookie flags (Secure, HttpOnly, SameSite)
- Caching: Cache-Control
- Info leaks: Server, X-Powered-By, X-AspNet-Version, X-Runtime, Via, X-Varnish, and more
Tech Stack Detection:
Identifies 34 server, framework, and CMS signatures (Apache, Nginx, IIS, PHP, WordPress, Drupal, Express, Rails, and more) with risk ratings and direct links to CVE advisories.
Key features:
- Overall grade A–F with animated score ring
- Filter headers by category, missing, or issues
- Per-header score bar with detailed analysis and one-click fix copy
- Tech Stack tab showing info-leak findings with risk levels
- OWASP and MDN documentation links per header
- 100% local — no data ever leaves your browser, zero telemetry
Built for penetration testers, security researchers, and web developers.
What it checks (28 headers):
- Transport: Strict-Transport-Security (HSTS)
- Injection / XSS: Content-Security-Policy, X-XSS-Protection
- Clickjacking: X-Frame-Options
- MIME: X-Content-Type-Options, Content-Type
- Privacy: Referrer-Policy, Permissions-Policy, X-DNS-Prefetch-Control
- Cross-Origin Isolation: COOP, COEP, CORP
- CORS: Access-Control-Allow-Origin, Access-Control-Allow-Credentials
- Cookies: Set-Cookie flags (Secure, HttpOnly, SameSite)
- Caching: Cache-Control
- Info leaks: Server, X-Powered-By, X-AspNet-Version, X-Runtime, Via, X-Varnish, and more
Tech Stack Detection:
Identifies 34 server, framework, and CMS signatures (Apache, Nginx, IIS, PHP, WordPress, Drupal, Express, Rails, and more) with risk ratings and direct links to CVE advisories.
Key features:
- Overall grade A–F with animated score ring
- Filter headers by category, missing, or issues
- Per-header score bar with detailed analysis and one-click fix copy
- Tech Stack tab showing info-leak findings with risk levels
- OWASP and MDN documentation links per header
- 100% local — no data ever leaves your browser, zero telemetry
Built for penetration testers, security researchers, and web developers.
Rated 0 by 0 reviewers
Permissions and data
Required permissions:
- Access browser tabs
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Add-on Links
- Version
- 1.0.1
- Size
- 57.67 KB
- Last updated
- 12 days ago (Jun 9, 2026)
- Related Categories
- License
- MIT License
- Version History
- Add to collection