Investigator Use
Security Headers (securityheaders.io) is an online scanning tool that analyzes the HTTP response headers of any publicly accessible website and grades its security posture based on the presence, absence, and configuration of security-relevant headers including Content Security Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
For OSINT investigators conducting web application security reconnaissance, Security Headers provides immediate intelligence about the defensive maturity of a target website. A site with missing or misconfigured security headers is more vulnerable to client-side attacks including cross-site scripting, clickjacking, and MIME sniffing — information that helps investigators assess the security posture of a target or prioritize attack surface for authorized testing.
A Content Security Policy (CSP) header is particularly informative from an OSINT perspective. The CSP tells browsers which domains are allowed to load resources for the page — effectively documenting all trusted third-party services integrated into the application. This reveals CDN providers, analytics platforms, payment processors, support chat services, and other infrastructure relationships that may not be visible in the page source alone.
The Strict-Transport-Security (HSTS) configuration reveals whether the site enforces HTTPS and for how long, while X-Frame-Options indicates whether the site has implemented basic clickjacking protection. Missing these basic headers on a site handling sensitive user data can be a significant finding in security assessment reports.
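The checks described above can be reproduced offline against a captured response. The script below is an added example, not securityheaders.io's own code and not affiliated with that service: it parses a raw header block, lists which of the six graded headers are absent, reads the HSTS max-age, flags permissive script-src settings, and extracts the third-party hosts a CSP trusts. The response text and every hostname in it are constructed for illustration, and the function names (`parse_raw_headers`, `audit`, and so on) are this example's own.

```python
"""Audit a captured HTTP response for the security headers securityheaders.io
grades, and list the third-party origins its Content-Security-Policy trusts.

Added example; not securityheaders.io's code. SAMPLE_RESPONSE and all hosts in
it are constructed. A real input would be a saved `curl -sI https://target/`.
"""
from __future__ import annotations

# The headers the scanner reports on, with what their absence implies.
EXPECTED_HEADERS = {
    "content-security-policy": "no CSP: script/resource injection not constrained",
    "strict-transport-security": "no HSTS: HTTPS not enforced on repeat visits",
    "x-frame-options": "no X-Frame-Options: framing allowed unless CSP frame-ancestors set",
    "x-content-type-options": "no X-Content-Type-Options: MIME sniffing allowed",
    "referrer-policy": "no Referrer-Policy: browser default referrer leakage",
    "permissions-policy": "no Permissions-Policy: browser features unrestricted",
}

# Constructed response: HSTS, CSP, nosniff and Referrer-Policy present;
# X-Frame-Options and Permissions-Policy missing; script-src allows inline.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example-cdn.net https://tags.example-analytics.com; img-src 'self' data: https://*.assets.example-cdn.net; frame-ancestors 'none'; connect-src 'self' https://api.example-payments.com
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
"""


def parse_raw_headers(raw: str) -> dict[str, str]:
    """Parse a status line plus 'Name: value' lines into a lower-cased dict.
    Repeated headers are joined with ', ' as a browser would combine them."""
    headers: dict[str, str] = {}
    for line in raw.splitlines():
        if ":" not in line or line.upper().startswith("HTTP/"):
            continue
        name, value = line.split(":", 1)
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def missing_headers(headers: dict[str, str]) -> list[str]:
    """Graded headers absent from the response, in scanner order."""
    return [h for h in EXPECTED_HEADERS if h not in headers]


def hsts_max_age(headers: dict[str, str]) -> int | None:
    """Seconds the browser should keep enforcing HTTPS, or None if no HSTS."""
    value = headers.get("strict-transport-security")
    if value is None:
        return None
    for token in value.split(";"):
        key, _, num = token.strip().partition("=")
        if key.lower() == "max-age" and num.isdigit():
            return int(num)
    return None


def csp_origins(csp: str) -> dict[str, set[str]]:
    """Map each CSP directive to the external hosts it allows. Quoted keywords
    ('self', nonces, hashes, 'unsafe-*') and bare schemes (data:, https:) are
    not hosts and are skipped; wildcards such as *.example are kept."""
    result: dict[str, set[str]] = {}
    for directive in csp.split(";"):
        parts = directive.split()
        if len(parts) < 2:
            continue
        hosts = set()
        for src in parts[1:]:
            if src.startswith("'") or src.endswith(":"):
                continue
            hosts.add(src.split("://", 1)[-1].split("/", 1)[0])
        if hosts:
            result[parts[0].lower()] = hosts
    return result


def csp_weaknesses(csp: str) -> list[str]:
    """Settings in script-src/default-src that undo most of a CSP's XSS value."""
    findings = []
    for directive in csp.split(";"):
        parts = directive.split()
        if len(parts) < 2 or parts[0].lower() not in ("script-src", "default-src"):
            continue
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if weak in parts[1:]:
                findings.append(f"{parts[0].lower()} allows {weak}")
    return findings


def audit(raw: str) -> dict:
    """Everything an investigator would record from one scan, as a dict."""
    headers = parse_raw_headers(raw)
    csp = headers.get("content-security-policy", "")
    origins = csp_origins(csp)
    return {
        "missing": missing_headers(headers),
        "missing_notes": [EXPECTED_HEADERS[h] for h in missing_headers(headers)],
        "hsts_max_age": hsts_max_age(headers),
        "csp_weaknesses": csp_weaknesses(csp),
        "third_party_hosts": sorted(set().union(*origins.values())) if origins else [],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Note the X-Frame-Options finding in the sample: the CSP's frame-ancestors 'none' already blocks framing in modern browsers, so a missing X-Frame-Options header is a lower-severity observation there than on a site with no CSP at all. The third-party host list is the CSP inventory L4 describes; the wildcard entries are worth keeping as written, since they show how broadly the site delegates trust.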
For brand protection and phishing investigation workflows, Security Headers can help distinguish between legitimate and spoofed versions of a website — legitimate organizations typically have at least basic security header implementation, while hastily created phishing sites often have none.
Limitations: Security Headers only evaluates the headers returned by the server — it does not perform any vulnerability testing, code analysis, or dynamic interaction with the application. Header grades are a proxy for security practices, not a comprehensive security assessment.
Record the target URL, scan date, grade received, and specific missing or misconfigured headers in investigation documentation.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
CVE
Cyber Threat OSINT
CVE provides standardized vulnerability identifiers and references used in security research, triage, and threat intelligence workflows.
CVE Details
Cyber Threat OSINT
CVE Details aggregates vulnerability records, CVSS scores, and affected software lists for security analysis and patch prioritization.
Default Passwords
Cyber Threat OSINT
Find default passwords and credentials for routers, printers, servers, and network devices for authorized security auditing.
Exploit DB
Cyber Threat OSINT
The Exploit Database archives public exploits and proof-of-concept code for known vulnerabilities, used in penetration testing and research.
Honey DB
Cyber Threat OSINT
HoneyDB aggregates honeypot sensor data to identify malicious IP addresses, attacker tactics, and emerging threat patterns.
Hybrid Analysis
Cyber Threat OSINT
Hybrid Analysis provides free malware sandboxing with Falcon Sandbox technology to analyze suspicious files and URLs for threat intelligence.