Head(er)s Up! Detecting Security Header Inconsistencies in Browsers

In the modern Web, security headers are of the utmost importance for websites to provide protection against various attacks, such as Cross-Site Scripting, Clickjacking, and Cross-Site Leaks. As each security header uses a different syntax and has unique processing rules, correctly implementing them is a complex task for both browser and website developers. Inconsistency in browser behavior related to security headers harms websites as their security depends on their users' browsers. At the same time, compatibility issues may deter developers from deploying such headers in the first place.