SecHeaders is an educational project designed to teach and demonstrate HTTP Security Headers through live, isolated Proofs of Concept (PoCs). Each PoC shows:
- What protection the header is supposed to provide
- What happens when the header is missing or misconfigured
The project includes a unified Express application that loads all PoCs dynamically and provides a clean UI where users can explore each header interactively. Each header has its own folder under headers/, containing:
- `manifest.json` (metadata used by the dashboard)
- `index.html` (README viewer)
- `README.md` (explanations, PoC notes, screenshots)
- PoC-specific scripts (e.g., `server.js`, demo HTML files, assets)
```
SecHeaders/
├── headers/
│   ├── content-security-policy/
│   │   ├── index.html
│   │   ├── README.md
│   │   ├── manifest.json
│   │   └── (PoC files...)
│   ├── content-type/
│   ├── referrer-policy/
│   ├── strict-transport-security/
│   ├── x-content-type-options/
│   ├── x-frame-options/
│   ├── x-xss-protection/
│   └── style.css          ← shared UI styling
│
├── app/
│   ├── index.js           ← creates the unified UI
│   └── routerFactory.js   ← mounts each PoC dynamically
│
├── unified-app.js         ← main entry point
├── package.json
└── README.md              ← (you are here)
```
Clone and enter the project:

```bash
git clone https://github.com/CSpanias/SecHeaders.git
cd SecHeaders
```

Install dependencies:

```bash
npm install
```

Start the unified learning dashboard:

```bash
node unified-app.js
```

Then visit:

http://localhost:3000
You’ll see a dashboard listing all PoCs, each with its own description and link.
Each PoC can still be run standalone if you prefer testing them directly. For example:
```bash
cd headers/referrer-policy
node server.js
```

Then visit the URLs described in that PoC's README.