Adds HTTP security header checks

2025-08-09 05:04:31 +02:00 · 2023-08-12 16:08:06 +01:00
parent efba42d59d
commit 1e8d6e868c
2 changed files with 42 additions and 0 deletions
--- a/api/http-security.js
+++ b/api/http-security.js
@ -0,0 +1,25 @@
+const axios = require('axios');
+const middleware = require('./_common/middleware');
+
+const handler = async (url) => {
+  const fullUrl = url.startsWith('http') ? url : `http://${url}`;
+  
+  try {
+    const response = await axios.get(fullUrl);
+    const headers = response.headers;
+    return {
+      strictTransportPolicy: headers['strict-transport-policy'] ? true : false,
+      xFrameOptions: headers['x-frame-options'] ? true : false,
+      xContentTypeOptions: headers['x-content-type-options'] ? true : false,
+      xXSSProtection: headers['x-xss-protection'] ? true : false,
+      contentSecurityPolicy: headers['content-security-policy'] ? true : false,
+    }
+  } catch (error) {
+    return {
+      statusCode: 500,
+      body: JSON.stringify({ error: error.message }),
+    };
+  }
+};
+
+exports.handler = middleware(handler);