Merlin
Security Headers Scanner

Security Headers Scanner

Get a full analysis of your site security headers, and understand how to easily improve your Client-Side security posture.

Merlin
Upgrade to view and diff full source code
Additional files are visible only to premium users

manifest.json

{
  "update_url": "https://clients2.google.com/service/update2/crx",
  "manifest_version": 2,
  "name": "Security Headers Scanner",
  "description": "Get a full analysis of your site security headers, and understand how to easily improve your Client-Side security posture.",
  "version": "1.0.4",
  "minimum_chrome_version": "10.0",
  "permissions": [
    "webRequest",
    "tabs",
    "cookies",
    "*://*/*"
  ],
  "background": {
    "scripts": [
      "js/background.js",
      "js/vendor.js"
    ],
    "persistent": true
  },
  "browser_action": {
    "default_icon": "assets/icons/inactive.png",
    "default_popup": "popup.html"
  },
  "content_security_policy": "default-src 'self'; font-src data:; img-src * 'self' data: blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com; script-src 'self' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://ampcid.google.com https://analytics.google.com about: https://securityheaderscanner.com;",
  "icons": {
    "16": "assets/icons/16.png",
    "48": "assets/icons/48.png",
    "128": "assets/icons/128.png"
  }
}