drheaderplus-mcp

MCP server for DrHeaderPlus — audit HTTP security headers from AI assistants.

Checks URLs or raw headers against security best practices: OWASP, CSP, HSTS, cookie flags, CORS, and more.

Quick Start

uvx drheaderplus-mcp

Or install via pip:

pip install drheaderplus-mcp

Add to your AI assistant

Claude Code:

claude mcp add drheaderplus -- uvx drheaderplus-mcp

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "drheaderplus": {
      "command": "uvx",
      "args": ["drheaderplus-mcp"]
    }
  }
}

VS Code (.vscode/mcp.json):

{
  "servers": {
    "drheaderplus": {
      "command": "uvx",
      "args": ["drheaderplus-mcp"]
    }
  }
}

Tools

Tool	Description
scan_url	Fetch headers from a URL and audit them, including CORS probing
analyze_headers	Audit headers you already have — no network call needed
scan_bulk	Scan multiple URLs at once with per-URL error handling
list_presets	Discover available ruleset presets

See API Reference for parameters, response formats, and when to use each tool.

Usage

Ask your AI assistant:

Scan https://example.com for security header issues using drheaderplus

Each finding includes rule, severity (high/medium/low), message, and value. Empty list means all checks passed.

Documentation

• API Reference — tool parameters, response formats, preset comparison
• Examples — practical usage scenarios
• Security Headers Guide — what each header does and how to fix findings
• CI/CD Integration — validate headers in your deployment pipeline
• Troubleshooting — common issues and debugging

Debugging

npx @modelcontextprotocol/inspector uvx drheaderplus-mcp

Development

pip install -e ".[dev]"
python -m pytest tests/ -v

License

MIT