INTRODUCTION

Web applications expose essential information to the public, and to attackers, through HTTP headers, and some headers that are present but improperly set can cause web applications to exhibit vulnerabilities.

In most institutions, the use of active tools during penetration testing is not encouraged. Web Security Analyzer with PHP is a simple, passive, educational platform for learning and understanding HSTS, CSP, X-Frame-Options, Referrer-Policy, cookie flags, and server banners, which are the most important web security headers.

The code is tested solely on my server to ensure it is used correctly and within academic norms. Only the publicly observable headers are extracted by the analyzer, so it is not snooping and not used inappropriately.
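
The passive checks described above, as an added PHP example that is not the project's own code: it parses an already-captured header block and reports on the six items the analyzer covers. The function names, the 180-day HSTS threshold, and the sample response are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the project's code. Function names are hypothetical.

/** Parse a raw header block into [lowercased-name => [values, ...]]. */
function parse_headers(string $raw): array {
    $out = [];
    foreach (preg_split('/\r?\n/', trim($raw)) as $line) {
        if (strpos($line, ':') === false) continue;      // skip the status line
        [$name, $value] = explode(':', $line, 2);
        $out[strtolower(trim($name))][] = trim($value);  // keep repeats (Set-Cookie)
    }
    return $out;
}

/** Return a list of findings for the six items named in the introduction. */
function analyze(array $h): array {
    $f = [];
    $hsts = $h['strict-transport-security'][0] ?? null;
    if ($hsts === null) {
        $f[] = 'HSTS: missing';
    } elseif (!preg_match('/max-age=(\d+)/i', $hsts, $m) || (int)$m[1] < 15552000) {
        $f[] = 'HSTS: max-age absent or under 180 days';  // threshold is an assumption
    }
    $csp = $h['content-security-policy'][0] ?? '';
    if ($csp === '') $f[] = 'CSP: missing';
    if (!isset($h['x-frame-options']) && stripos($csp, 'frame-ancestors') === false)
        $f[] = 'X-Frame-Options: missing and no CSP frame-ancestors';
    $rp = strtolower($h['referrer-policy'][0] ?? '');
    if ($rp === '' || $rp === 'unsafe-url') $f[] = 'Referrer-Policy: missing or unsafe-url';
    foreach ($h['set-cookie'] ?? [] as $cookie) {
        $name = explode('=', $cookie, 2)[0];
        foreach (['Secure', 'HttpOnly', 'SameSite'] as $flag)
            if (!preg_match('/;\s*' . $flag . '\b/i', $cookie)) $f[] = "Cookie $name: no $flag";
    }
    foreach (['server', 'x-powered-by'] as $banner)
        if (preg_match('/\d/', $h[$banner][0] ?? '')) $f[] = "Banner: $banner discloses a version";
    return $f;
}

// Constructed sample response, embedded so the script runs offline.
$sample = <<<HDR
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Strict-Transport-Security: max-age=3600
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8
HDR;

foreach (analyze(parse_headers($sample)) as $finding) echo $finding, PHP_EOL;
```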