Headers by Omegapoint

A webapp which evaluates HTTP headers for security misconfigurations

⭐ About the Project

Headers by Omegapoint is a tool to help developers and security researchers analyse the HTTP headers in responses from web servers for security misconfigurations.

🧰 Getting Started

🐳 Docker

If you just want to run the scanner locally using Docker there is a docker-compose.yml in the project root.

📜 Prerequisites

• Docker
• Docker Compose
• (optional) GNU make

Starting the API

Run docker-compose up to start the application, by default it'll be accessible at http://localhost:8080.

After pulling new changes (or making changes yourself) you need to remove the local image before starting. This can be achieved by running docker rmi --force headers.security.api.

Alternatively, if you have GNU make installed, simply run make (or make update if you need to rebuild the image after making changes to the code).

🚧 Local development

Both the API and frontend project need to be started separately.

📜 Prerequisites

• .NET 9 SDK
• Node JS v23+
• mkcert (to automate setting up valid HTTPS certificates for Vite dev server)

Starting the API

1. Go to the API directory

   cd headers.security.Api

2. Start the server

   ASPNETCORE_URLS=https://localhost:5000 DOTNET_ENVIRONMENT=Development dotnet watch

Starting the SPA dev server

1. Go to the Frontend directory

   cd headers.security.Api/Frontend

2. Install dependencies

   npm i

3. Start the server

   npm run dev

4. Browse to the Vite dev server at https://localhost:5123