Adds HTTP security header checks

api/http-security.js

@@ -0,0 +1,25 @@
+const axios = require('axios');
+const middleware = require('./_common/middleware');
+
+const handler = async (url) => {
+  const fullUrl = url.startsWith('http') ? url : `http://${url}`;
+  
+  try {
+    const response = await axios.get(fullUrl);
+    const headers = response.headers;
+    return {
+      strictTransportPolicy: headers['strict-transport-policy'] ? true : false,
+      xFrameOptions: headers['x-frame-options'] ? true : false,
+      xContentTypeOptions: headers['x-content-type-options'] ? true : false,
+      xXSSProtection: headers['x-xss-protection'] ? true : false,
+      contentSecurityPolicy: headers['content-security-policy'] ? true : false,
+    }
+  } catch (error) {
+    return {
+      statusCode: 500,
+      body: JSON.stringify({ error: error.message }),
+    };
+  }
+};
+
+exports.handler = middleware(handler);

src/components/Results/HttpSecurity.tsx

@@ -0,0 +1,17 @@
+import { Card } from 'components/Form/Card';
+import Row from 'components/Form/Row';
+
+const HttpSecurityCard = (props: { data: any, title: string, actionButtons: any }): JSX.Element => {
+  const data = props.data;
+  return (
+    <Card heading={props.title} actionButtons={props.actionButtons}>
+      <Row lbl="Content Security Policy" val={data.contentSecurityPolicy ? '✅ Yes' : '❌ No' } />
+      <Row lbl="Strict Transport Policy" val={data.strictTransportPolicy ? '✅ Yes' : '❌ No' } />
+      <Row lbl="X-Content-Type-Options" val={data.xContentTypeOptions ? '✅ Yes' : '❌ No' } />
+      <Row lbl="X-Frame-Options" val={data.xFrameOptions ? '✅ Yes' : '❌ No' } />
+      <Row lbl="X-XSS-Protection" val={data.xXSSProtection ? '✅ Yes' : '❌ No' } />
+    </Card>
+  );
+}
+
+export default HttpSecurityCard;