Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses
Headers checked:
- Content-Security-Policy (CSP)
- Feature-Policy
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
- Referrer-Policy
To build release JAR with all dependencies (by using com.github.johnrengelman.shadow Gradle plugin) execute the command below from project root directory:
./gradlew clean shadowJar