├── LICENSE.md ├── README.md ├── background.html ├── background.js ├── icons ├── A.png ├── Aplus.png ├── B.png ├── C.png ├── D.png ├── E.png ├── F.png ├── Q.png ├── R.png ├── security-headers-icon-128.png └── security-headers-icon-48.png ├── manifest.json ├── security headers extension.xpi └── security headers extension.zip /LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Scott Helme 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
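22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # securityheaders.io browser extension 2 | The Chrome and Firefox extension for securityheaders.io 3 | 4 | You can get the release version of the extension here: 5 | 6 | Chrome - https://scotthel.me/shce 7 | Firefox - https://scotthel.me/shfe -------------------------------------------------------------------------------- /background.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /background.js: --------------------------------------------------------------------------------
/**
 * Background script for the securityheaders.io toolbar button.
 *
 * First click on the button: send a HEAD request for the current page's
 * origin to securityheaders.io and show the returned grade as the icon.
 * Second click: open the full report in a new tab.
 * Switching tabs or navigating resets the button to its default state.
 *
 * Nothing is sent to securityheaders.io until the user clicks the button.
 */

// Scan endpoint; the page origin is appended as the value of `q`.
const SCAN_URL = "https://securityheaders.io/?hide=on&source=chromeplugin&q=";

// Allow-list of grades the service may report, mapped to the bundled icons.
// A Map is used so that an unexpected value such as "constructor" can never
// resolve to anything but `undefined`.
const GRADE_ICONS = new Map([
  ["A+", "icons/Aplus.png"],
  ["A", "icons/A.png"],
  ["B", "icons/B.png"],
  ["C", "icons/C.png"],
  ["D", "icons/D.png"],
  ["E", "icons/E.png"],
  ["F", "icons/F.png"],
  ["R", "icons/R.png"],
  ["Q", "icons/Q.png"], // error
]);

let score = "";
const xhr = new XMLHttpRequest();
let hasClicked = false;
let currentURL = "";
let currentTab = "";

/**
 * Reduce a tab URL to its origin (scheme, host and optional port).
 *
 * Parsing with URL means userinfo, path, query and fragment of the page
 * are never forwarded to the scan service, and an unparsable or missing
 * URL yields null instead of throwing inside the click handler.
 *
 * @param {string|undefined} rawURL - The tab's URL as reported by the browser.
 * @returns {string|null} The origin, or null when the URL cannot be parsed.
 */
function getPageOrigin(rawURL) {
  if (typeof rawURL !== "string") {
    return null;
  }
  try {
    return new URL(rawURL).origin;
  } catch (err) {
    return null;
  }
}

// Fire when user clicks icon
chrome.browserAction.onClicked.addListener(function (tab) {
  const host = getPageOrigin(tab.url);

  // The same check now guards both the HEAD request and the report tab, so
  // internal pages (chrome://, about:, file://, ...) are never submitted.
  if (host !== null && isValidURL(host)) {
    // Encode the origin so it is always treated as a single query value.
    const reportURL = SCAN_URL + encodeURIComponent(host);

    if (hasClicked) {
      chrome.tabs.create({ url: reportURL });
    } else {
      xhr.open("HEAD", reportURL, true);
      xhr.send();
    }
  }

  hasClicked = true;
  currentURL = tab.url;
  currentTab = tab.id;
});

// Handle tab switching
chrome.tabs.onActivated.addListener(function ({ tabId }) {
  setDefault();
  currentTab = tabId;
  chrome.tabs.get(tabId, function (tab) {
    // The tab can be gone by the time the callback runs.
    if (chrome.runtime.lastError || !tab) {
      return;
    }
    currentURL = tab.url;
  });
});

// Handle URL changes
chrome.tabs.onUpdated.addListener(function (tabId, changeInfo, tab) {
  if (tabId === currentTab && tab.url !== currentURL) {
    setDefault();
  }
});

// Handle XMLHTTP State Changes
xhr.onreadystatechange = function () {
  // 4 === DONE; anything other than a completed 200 response is ignored.
  if (xhr.readyState !== 4 || xhr.status !== 200) {
    return;
  }

  // The grade arrives as base64-encoded JSON in the X-Score response header.
  // Treat it as untrusted input: it may be absent or malformed.
  const header = xhr.getResponseHeader("X-Score");
  if (header === null) {
    return;
  }

  let parsed;
  try {
    parsed = JSON.parse(atob(header));
  } catch (err) {
    console.warn("Ignoring malformed X-Score header", err);
    return;
  }
  if (parsed === null || typeof parsed !== "object") {
    return;
  }

  score = parsed;
  const iconPath = GRADE_ICONS.get(score.score);
  if (iconPath !== undefined) {
    chrome.browserAction.setIcon({ path: iconPath });
  }
  // Unknown grades leave the current icon untouched.
};

/**
 * Tell whether a URL (or origin) uses the http or https scheme.
 *
 * @param {string} url - The string to check.
 * @returns {boolean} True when it starts with "http://" or "https://".
 */
function isValidURL(url) {
  return url.startsWith("http://") || url.startsWith("https://");
}

/**
 * Reset the button to its default icon and first-click state.
 *
 * Any scan still in flight is aborted so that a late response for the
 * previous page cannot overwrite the icon shown for the current one.
 */
function setDefault() {
  xhr.abort();
  chrome.browserAction.setIcon({ path: "icons/security-headers-icon-48.png" });
  hasClicked = false;
}
-------------------------------------------------------------------------------- /icons/A.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/A.png -------------------------------------------------------------------------------- /icons/Aplus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/Aplus.png -------------------------------------------------------------------------------- /icons/B.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/B.png -------------------------------------------------------------------------------- /icons/C.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/C.png -------------------------------------------------------------------------------- /icons/D.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/D.png -------------------------------------------------------------------------------- /icons/E.png: --------------------------------------------------------------------------------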
https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/E.png -------------------------------------------------------------------------------- /icons/F.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/F.png -------------------------------------------------------------------------------- /icons/Q.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/Q.png -------------------------------------------------------------------------------- /icons/R.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/R.png -------------------------------------------------------------------------------- /icons/security-headers-icon-128.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/security-headers-icon-128.png -------------------------------------------------------------------------------- /icons/security-headers-icon-48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/icons/security-headers-icon-48.png -------------------------------------------------------------------------------- /manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "SecurityHeaders.io Analyser", 3 | "short_name": 
"securityheaders.io", 4 | "description": "Click to show the score for the current page. Click again to show the full report on our site.", 5 | "version": "1.1", 6 | "applications": { 7 | "gecko": { 8 | "id": "scotthelme@hotmail.com" 9 | } 10 | }, 11 | "permissions": ["tabs", "https://securityheaders.io/*"], 12 | "background": { 13 | "page": "background.html" 14 | }, 15 | "browser_action": { 16 | "default_icon": { 17 | "48": "icons/security-headers-icon-48.png" 18 | }, 19 | "default_title": "SecurityHeaders.io" 20 | }, 21 | "manifest_version": 2, 22 | "icons": { 23 | "48": "icons/security-headers-icon-48.png", 24 | "128": "icons/security-headers-icon-128.png" } 25 | } 26 | -------------------------------------------------------------------------------- /security headers extension.xpi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/security headers extension.xpi -------------------------------------------------------------------------------- /security headers extension.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/securityheaders/security-headers-extension/f4d0f593e5076a8a8990542bcb8bb94639ee71e2/security headers extension.zip --------------------------------------------------------------------------------