Check security headers on multiple websites - alternative to securityheaders.com API

Torwald45/bash-websites-security-headers-check

Bash Websites Security Headers Check

Check security headers on multiple websites from a directory structure. Alternative to securityheaders.com API (no API key needed).

Features

  • Alternative to securityheaders.com (no API key needed)
  • Checks 6 security headers (X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy, Permissions-Policy)
  • Validates against A rating requirements
  • Color-coded output (green=pass, red=fail)
  • Summary statistics (total/passed/failed)
  • Scans multiple websites from directory structure

Requirements

  • Linux operating system
  • Bash shell
  • curl command

Installation

  1. Clone this repository
  2. Edit the configuration in the script (line 17):

# Change this path to your websites directory
WP_DIR="/var/www"

Usage

Run the script:

bash check-security-headers.sh

The script will:

  1. Scan all subdirectories in the configured path
  2. Use each directory name as a domain name
  3. Check the headers returned over HTTPS for each domain
  4. Compare them against the expected A rating values
  5. Display color-coded results

Example output:

Checking security headers for all websites...
==================================================

example1.com: OK
example2.com: FAIL
example3.com: OK

==================================================
Summary:
Checked websites: 3
Passed: 2
Failed: 1

Configuration

Directory Structure

The script assumes a directory structure like:

/var/www/
├── example1.com/
├── example2.com/
└── example3.com/

Directory names are used as domain names for HTTPS checks.

Expected Header Values

The script checks for these exact values (A rating):

X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()

To modify the expected values, edit lines 22-27 in the script.
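
The comparison described above, written out as an added example (not the project's own script, whose source is not shown on this page): each expected value is matched exactly, while header names are matched case-insensitively and CRLF line endings are stripped, since raw responses would otherwise fail a plain string compare. The function names and the two sample responses are constructed for illustration.

```bash
# Added example, not the project's script. Expected values are the six from this README.
EXPECTED='X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()'

# header_value NAME: read raw response headers on stdin and print NAME's value.
# Names match case-insensitively (HTTP/2 sends lowercase); CR and padding are stripped.
header_value() {
    tr -d '\r' | awk -v want="$1" '{
        i = index($0, ":")
        if (i == 0 || tolower(substr($0, 1, i - 1)) != tolower(want)) next
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        print val; exit
    }'
}

# check_headers RAW: print each missing or mismatched header; return 0 only if all six match.
check_headers() {
    raw=$1; failed=0
    while IFS= read -r line; do
        name=${line%%:*}; want=${line#*: }
        got=$(printf '%s\n' "$raw" | header_value "$name")
        if [ "$got" != "$want" ]; then
            printf '  %s: expected "%s", got "%s"\n' "$name" "$want" "${got:-<missing>}"
            failed=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$failed"
}

# Constructed sample responses (hypothetical, not captured from a real site).
SAMPLE_OK=$(printf '%s\r\n' 'HTTP/2 200' 'x-frame-options: SAMEORIGIN' \
    'x-xss-protection: 1; mode=block' 'x-content-type-options: nosniff' \
    'strict-transport-security: max-age=31536000; includeSubDomains' \
    'referrer-policy: strict-origin-when-cross-origin' \
    'permissions-policy: geolocation=(), microphone=(), camera=()')
SAMPLE_BAD=$(printf '%s\r\n' 'HTTP/1.1 200 OK' 'X-Frame-Options: SAMEORIGIN' \
    'X-XSS-Protection: 1; mode=block' 'X-Content-Type-Options: nosniff' \
    'Strict-Transport-Security: max-age=300' \
    'Referrer-Policy: strict-origin-when-cross-origin')
for sample in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if check_headers "$sample"; then echo "OK"; else echo "FAIL"; fi
done
```

Because the comparison is exact, a different but stricter value (for example `X-Frame-Options: DENY`) is also reported as a mismatch. To check a live site you administer, pass the output of `curl -sI "https://<domain>"` as the argument.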

Use Case

Perfect for:

  • Server administrators managing multiple websites
  • DevOps engineers checking security header compliance
  • Alternative to securityheaders.com when you don't have an API key
  • Automated security audits in CI/CD pipelines

Changelog

See CHANGELOG.md for version history.

License

GPL v2 or later

Author

Torwald45
