DrHeader
DrHeader is an open-source HTTP security headers auditing tool developed by Santander UK Security Engineering. It scans web application responses to identify missing or misconfigured security headers such as Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, and other headers critical for protecting against XSS, clickjacking, and information disclosure attacks. The tool integrates with CI/CD pipelines and aligns with the OWASP Application Security Verification Standard (ASVS) 4.0, providing automated security header compliance checks through both a CLI and a Python library interface, with customizable YAML-based security policies.