How to Probe Security Headers with Claude

Check security headers with Claude and ToolRouter. Audit HTTP headers across your web properties.

Tool
Security HTTPx

Claude turns HTTP service probing into a thorough, conversational security review that connects each finding to its broader implications. Ask Claude to check security headers, discover hidden services, verify SSL configurations, and enumerate subdomains while explaining the risk and remediation for every issue found. Its chaining capability lets you start with broad reconnaissance and progressively drill into specific areas of concern.

Connect ToolRouter to Claude

  1. Go to Settings → Connectors → Add custom connector
  2. Enter the details below and click Add
     Name: ToolRouter
     URL: https://api.toolrouter.com/mcp
  3. Done — works on Claude chat, desktop, and mobile

Steps

Once connected (see setup above), use the Security HTTPx tool:

  1. Ask Claude: "Probe these hosts for security headers using security-httpx" and provide your domains
  2. Claude scans each host and reports on security header presence and configuration
  3. Review which headers are missing or misconfigured on each property
  4. Add the recommended security headers to your web server configuration

Example Prompt

Try this with Claude using the Security HTTPx tool
Probe security headers on myapp.com, api.myapp.com, and docs.myapp.com. Check for CSP, HSTS, X-Frame-Options, and all other security headers.

Tips

  • Ask Claude to generate the exact header configuration for your web server (nginx, Apache, or CDN)
  • Test headers on both the main page and specific endpoints -- they can differ
  • Re-probe after making changes to verify headers are correctly applied
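
To make "missing or misconfigured" concrete when reviewing a report, here is an added example (not ToolRouter's or Security HTTPx's code) that audits response headers offline and shows a main page and an endpoint of the same site differing. The 180-day HSTS floor, the rule set, and the sample URLs and header values are assumptions constructed for illustration.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed policy floor (180 days), not a ToolRouter value

def audit_headers(headers):
    """Map each missing or misconfigured security header to a short finding."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    out = {}
    csp = {}  # CSP parsed as {directive: [source tokens]}; first occurrence wins
    for part in h.get("content-security-policy", "").split(";"):
        tokens = part.split()
        if tokens:
            csp.setdefault(tokens[0].lower(), tokens[1:])
    if "content-security-policy" not in h:
        out["content-security-policy"] = "missing"
    else:
        script = csp.get("script-src", csp.get("default-src"))
        # Browsers ignore 'unsafe-inline' when a nonce or hash is also listed.
        strict = script and any(t.startswith(("'nonce-", "'sha")) for t in script)
        if script is None:
            out["content-security-policy"] = "no script-src or default-src"
        elif "'unsafe-inline'" in script and not strict:
            out["content-security-policy"] = "scripts allow 'unsafe-inline'"
    hsts = h.get("strict-transport-security")
    age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        out["strict-transport-security"] = "missing"
    elif not age or int(age.group(1)) < MIN_HSTS_MAX_AGE:
        out["strict-transport-security"] = "max-age absent or too short"
    xfo = h.get("x-frame-options")
    if xfo is None and "frame-ancestors" not in csp:
        out["x-frame-options"] = "missing, and no CSP frame-ancestors"
    elif xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        out["x-frame-options"] = "unsupported value"  # ALLOW-FROM is obsolete
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out["x-content-type-options"] = "missing or not 'nosniff'"
    return out

# Constructed sample responses: a main page and one endpoint of the same site.
SAMPLES = {
    "https://myapp.com/": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff"},
    "https://myapp.com/login": {
        "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
        "Strict-Transport-Security": "max-age=300",
        "X-Frame-Options": "ALLOW-FROM https://partner.example"},
}

def audit_all(responses):
    return {url: audit_headers(hdrs) for url, hdrs in responses.items()}
```

With the constructed samples, the main page produces no findings while the /login endpoint produces four, which is the per-endpoint difference the tip above refers to.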

Related Workflows

  • Full Security Assessment: Comprehensive security assessment combining infrastructure probing, vulnerability scanning, penetration testing, and CVE intelligence.
  • SSL and DNS Audit: Audit SSL certificates, DNS configuration, HTTP security headers, and domain registration for security gaps.
  • Subdomain Security Scan: Enumerate subdomains, probe services, scan for takeover vulnerabilities, and capture visual evidence.
  • Infrastructure Health Check: Verify DNS resolution, service availability, and server locations to ensure infrastructure is healthy and correctly configured.
  • Web Application Security Test: Crawl a web application, analyze HTTP security, test for injections, and document findings with screenshots.
  • Network Reconnaissance: Map the complete network attack surface through DNS enumeration, geolocation, service probing, and attack vector analysis.
  • API Security Testing: Test API endpoints for authentication flaws, injection vulnerabilities, and compliance with OWASP API Security Top 10.
  • Certificate Monitoring: Monitor SSL/TLS certificates for expiration, verify TLS configuration, and confirm domain ownership alignment.
  • Cloud Security Audit: Audit cloud infrastructure by discovering assets, probing for misconfigurations, testing cloud-specific attacks, and checking CVEs.
  • Third-Party Risk Assessment: Assess third-party vendor security through identity verification, external security probing, attack surface analysis, and breach history.
  • Continuous Security Monitoring: Maintain ongoing security visibility through DNS monitoring, service probing, vulnerability scanning, and CVE tracking.
  • Dark Web Exposure Check: Check for organizational data exposure on the web including credential leaks, paste sites, and breach databases.