HTTP Security Header Checker

cli, http-header, http-headers, infosec, python3, sech3r, security, security-headers, security-http-header, security-tools
pip install sech3r==4.9


SéCh3r v4.9

A Security HTTP-Header Checker. # Demoisturize it!

What's this?

This is a tool, used in order to determine the presence of Security HTTP-Headers along with version disclosure checks.


  • Checks if security headers are present
  • Checks if Version Disclosure headers are present
  • Have got a fancy output
  • Will Google you for CVEs (from the disclosed version number via HTTP Headers)
  • Have got silent mode, in case you wanna see only URL and headers
  • Verbose mode, if you want to inspect whole HTTP Header response
  • No redirect mode, in case don't wanna redirect
  • Insecure mode, if you wanna ignore TLS/SSL warnings
  • No color mode, in case escapes sequences are creating issues
  • Can also take file input, for several URLs to be tested for HTTP Headers
  • Can also save the output, in the form of JSON File


In order to get this tool running, follow the instruction below:

Installation via pip

$ python3 -m pip install sech3r  # Super User permission, accordingly.

Installation via GitHub

$ git clone
$ cd sech3r
$ python3 install  # Super User permission, accordingly.

Use without installation

$ git clone
$ cd sech3r
$ python3 -m pip install -U -r requirements.txt  # Super User permission, accordingly.
$ python3 ./


Just provide the command line arguments accordingly, and Demoisturize it! :p

$ sech3r -h
     /  __       ____
 ()  _ / () |)    __/ ,_
 /\ |/|     |/\     \/  |
/(_)|_/\___/|  |/\__/   |/

    sech3r [--verbose] [--searchForVuln] [--noRedirects] [--insecure] [--noColor] [--quiet] [--output <filename>]
    sech3r <urls>... [--verbose] [--searchForVuln] [--noRedirects] [--insecure] [--noColor] [--quiet] [--output <filename>]
    sech3r [--verbose] [--searchForVuln] [--noRedirects] [--insecure] [--noColor] [--quiet] [--input <filename>] [--output <filename>]
    sech3r -h | --help
    sech3r -V | --version

    -h --help               Display help, basically this screen.
    -V --version            Display version number.
    <urls>                  Optional URL(s) input from the Command-Line.
    -v --verbose            Show verbose output.
    -s --searchForVuln      Open Default WebBrowser, Googling for Vulnerabilities.
    -r --noRedirects        Do not follow HTTP-redirects.
    -k --insecure           Bypass TLS/SSL verification.
    -c --noColor            No Colours to be used for the Output.
    -q --quiet              Silent Mode, nothing else not even colors.
    -i --input <filename>   Take URLs from a file, Single URL per line
    -o --output <filename>  Save output to a file, a JSON output of headers

    sech3r -i in.json
    sech3r -vs -o out.json
    sech3r -vr
    sech3r -c
    sech3r -q
    sech3r -vsirc


  • Additional Header Assesments for better output

</> with <3 --naryal2580