HeaderCheck – fast, deterministic HTTP header analysis for privacy and security.
HeaderCheck is a Chrome extension that inspects HTTP response headers for the active tab and evaluates a site’s security and privacy posture.
It uses a deterministic weighted scoring model (SCM-2025.1) to produce a score from 0–100, based on the presence and validity of key security headers.
All processing is performed locally in the browser with no remote calls, storage, or telemetry.
Current scoring model: SCM-2025.1
- Deterministic weighted scoring
  Based on a 10-point raw weight model normalized to 100.
- Instant analysis
  One click, one score.
- Clear guidance
  Highlights missing or weak headers.
- Zero telemetry
  Evaluation happens entirely inside Chrome’s extension sandbox.
- EU-aligned privacy emphasis
  Prioritizes transport integrity, referrer minimization, and isolation boundaries.
HeaderCheck focuses on high-impact, modern browser security controls:
| Header | Purpose |
|---|---|
| Strict-Transport-Security | Prevents downgrade attacks and enforces HTTPS |
| Content-Security-Policy | Strongest browser-side XSS and injection control |
| COOP / COEP / CORP | Context isolation and cross-origin boundary protection |
| Permissions-Policy | Restricts powerful browser APIs |
| Referrer-Policy | Minimizes referrer leakage |
| X-Frame-Options / frame-ancestors | Clickjacking defense |
| X-Content-Type-Options (nosniff) | Prevents MIME sniffing |
Some headers are graded (affect score), others are informational (shown but not penalized).
Full model documentation:
https://yvonlabs.github.io/docs/scoring-models
HeaderCheck assigns grades based on the final weighted percentage:
| Score | Grade | Meaning |
|---|---|---|
| ≥ 85 percent | A–B | Strong alignment with modern best practices |
| < 85 percent | C–D | Missing or weak required controls |
| < 60 percent | F | High-risk posture with critical gaps |
Critical headers:
Content-Security-Policy and Strict-Transport-Security.
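
The sketch below shows how a deterministic weighted model of this kind can be evaluated: a 10-point raw weight normalized to 100, then mapped to the grade bands above. It is an added example, not HeaderCheck's own code; the per-header weights, the validity rules, and the names `RULES` and `scoreHeaders` are assumptions and are not the published SCM-2025.1 values.

```javascript
// Added example. Weights and validity rules are ASSUMED for illustration;
// they are not the published SCM-2025.1 values. Raw weights sum to 10.
const get = (h, name) => (h[name] || "").trim();
const RULES = [
  { id: "Content-Security-Policy", weight: 3,
    ok: (h) => get(h, "content-security-policy") !== "" },
  { id: "Strict-Transport-Security", weight: 2,
    ok: (h) => { // assumed rule: max-age of at least 180 days
      const m = /max-age\s*=\s*"?(\d+)/i.exec(get(h, "strict-transport-security"));
      return m !== null && Number(m[1]) >= 15552000;
    } },
  { id: "Referrer-Policy", weight: 1,
    // assumed rule: the last listed policy must be one of the restrictive values
    ok: (h) => /^(no-referrer|same-origin|strict-origin|strict-origin-when-cross-origin)$/i
      .test(get(h, "referrer-policy").split(",").pop().trim()) },
  { id: "X-Content-Type-Options", weight: 1,
    ok: (h) => get(h, "x-content-type-options").toLowerCase() === "nosniff" },
  { id: "X-Frame-Options / frame-ancestors", weight: 1,
    ok: (h) => /^(deny|sameorigin)$/i.test(get(h, "x-frame-options")) ||
      /(^|;)\s*frame-ancestors\s/i.test(get(h, "content-security-policy")) },
  { id: "Permissions-Policy", weight: 1,
    ok: (h) => get(h, "permissions-policy") !== "" },
  { id: "Cross-Origin-Opener-Policy", weight: 1,
    ok: (h) => ["same-origin", "same-origin-allow-popups"].includes(
      get(h, "cross-origin-opener-policy").split(";")[0].trim().toLowerCase()) },
];
const CRITICAL = ["Content-Security-Policy", "Strict-Transport-Security"];

function scoreHeaders(headers) {
  const h = {}; // header names are case-insensitive, so compare in lowercase
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const total = RULES.reduce((sum, r) => sum + r.weight, 0);
  const failed = RULES.filter((r) => !r.ok(h));
  const raw = total - failed.reduce((sum, r) => sum + r.weight, 0);
  const score = Math.round((raw / total) * 100); // normalize 10-point raw to 0-100
  const grade = score >= 85 ? "A–B" : score >= 60 ? "C–D" : "F"; // bands from the table
  const missing = failed.map((r) => r.id);
  return { score, grade, missing,
    criticalMissing: missing.filter((id) => CRITICAL.includes(id)) };
}

// Constructed sample response headers (not captured from a real site).
const sample = {
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "unsafe-url",
};
console.log(scoreHeaders(sample));
```

Because the rules are pure functions of the header map, the same input always yields the same score, which is what makes the result reproducible across runs.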
- Clone the repo

  ```bash
  git clone https://github.com/YvonLabs/headercheck.git
  ```
If you find HeaderCheck helpful, you can support future open-source tools:
