CLI
Coming soon. In the meantime, curl is your CLI:
# Full scan
$ curl -s preflight.lol/example.com | jq
# CORS only
$ curl -s preflight.lol/example.com/cors | jq
# CSP analysis
$ curl -s preflight.lol/example.com/csp | jq
# Security headers
$ curl -s preflight.lol/example.com/headers | jq
# Redirect chain
$ curl -s preflight.lol/example.com/chain | jq
# Cache behavior
$ curl -s preflight.lol/example.com/cache | jq
# Simulate CORS
$ curl -s -X POST preflight.lol/cors \
-H "Content-Type: application/json" \
-d '{"target":"https://api.example.com","origin":"https://app.example.com"}' | jq
# Decode a CORS error
$ curl -s -X POST preflight.lol/error \
-H "Content-Type: application/json" \
-d '{"error":"No Access-Control-Allow-Origin header is present..."}' | jq
$ curl -s preflight.lol/example.com | jq
# CORS only
$ curl -s preflight.lol/example.com/cors | jq
# CSP analysis
$ curl -s preflight.lol/example.com/csp | jq
# Security headers
$ curl -s preflight.lol/example.com/headers | jq
# Redirect chain
$ curl -s preflight.lol/example.com/chain | jq
# Cache behavior
$ curl -s preflight.lol/example.com/cache | jq
# Simulate CORS
$ curl -s -X POST preflight.lol/cors \
-H "Content-Type: application/json" \
-d '{"target":"https://api.example.com","origin":"https://app.example.com"}' | jq
# Decode a CORS error
$ curl -s -X POST preflight.lol/error \
-H "Content-Type: application/json" \
-d '{"error":"No Access-Control-Allow-Origin header is present..."}' | jq