header-with-log-module.py

import requests

HEADER_REFERENCES = {
    'Content-Security-Policy': 'OWASP Content Security Policy',
    'X-XSS-Protection': 'OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet',
    'X-Frame-Options': 'OWASP Clickjacking Defense Cheat Sheet',
    'Strict-Transport-Security': 'OWASP Transport Layer Protection Cheat Sheet',
    'Access-Control-Allow-Origin': 'OWASP Cross-Origin Resource Sharing (CORS) Cheat Sheet',
    'Authorization': 'OWASP JSON Web Token Cheat Sheet',
}

def scan_header(url):
    """
    Scans the security headers of a given URL and performs vulnerability checks.

    Args:
        url (str): The URL of the web application to scan.

    Returns:
        None

    Raises:
        ValueError: If the provided URL is invalid or inaccessible.
    """
    try:
        response = requests.head(url)
        headers = response.headers

        for header, reference in HEADER_REFERENCES.items():
            if header in headers:
                print(f"[+] {header} header found.")
                # Perform further checks or actions related to the header
            else:
                print(f"[-] {header} header not found.")
                print(f"Reference: [{reference}]")

        # Access specific header values
        content_type = headers.get('Content-Type')
        server = headers.get('Server')
        # ... Perform actions based on specific header values

        # Perform additional tasks or analysis based on the headers

        # Call the scan_csp function
        scan_csp(url=url)

    except requests.exceptions.RequestException as e:
        print(f"[-] Error occurred while scanning URL: {url}")
        print(f"Error details: {str(e)}")