Dev Tools · 1h ago
Portfolio site audits its own security headers live
A developer built a portfolio page that fetches its own URL and displays security headers in real time, checking for missing headers like CSP and HSTS. The script uses a same-origin HEAD request to read headers, and also checks for a meta tag CSP that might differ from the HTTP header. The project highlights how static sites can verify their security posture without external tools.
Meridian48 take
Clever demo, but the real challenge is maintaining header consistency across edge and origin — a live audit is only as good as the deployment pipeline that enforces it.
Read the full reporting
"I made my portfolio site audit its own security headers, live, in front of you" →
DEV Community
security-headersportfolio-audit