Free · Browser-only · v3.0

NGINX CIS Hardening Checker

Based on CIS-style NGINX hardening recommendations

Paste your NGINX configuration and get a structured security audit. Each finding includes real-world attack context, OWASP mapping, detection confidence, and an exact config fix. Generate a fully hardened baseline config or export a minimal patch.

#nginx #cis #security #hardening #devsecops

Configuration analyzed locally in your browser. Nothing is uploaded or transmitted.

What this scanner checks

HIGH
  • server_tokens on
  • autoindex on
  • Legacy TLS 1.0/1.1
  • No HTTPS
  • Missing HSTS
  • Dotfile exposure
  • Weak ciphers
MEDIUM
  • X-Frame-Options
  • X-Content-Type-Options
  • Content-Security-Policy
  • Referrer-Policy
  • HTTP/1.0 proxying
  • Upstream keepalive
  • Proxy header forwarding
LOW
  • Rate limiting
  • Gzip compression
  • keepalive_timeout
  • client_max_body_size
  • sendfile
  • Permissions-Policy
  • TLS session cache

Scoring

Score starts at 100. Deductions: High −10, Medium −5, Low −2. Each finding includes OWASP mapping, attack type, detection confidence, and a real-world impact explanation.

  • 80–100: CIS Compliant
  • 50–79: Partial
  • 0–49: Non-Compliant
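The scoring above, worked through for eight of the listed checks. This is an added example, not the scanner's own code: the regex rules, the clamp at 0 and both sample configs are assumptions constructed for illustration.

```javascript
// Added example; rule patterns are assumptions, not the scanner's own detection logic.
// dir(): match a directive at line start or right after ';', '{' or '}'.
const dir = (src) => new RegExp("(?:^|[;{}])\\s*" + src, "mi");
const hdr = (name) => dir("add_header\\s+[\"']?" + name + "\\b");
// `bad`: finding when the pattern is present. `need`: finding when it is absent.
const RULES = [
  { id: "server_tokens on", sev: "HIGH", bad: dir("server_tokens\\s+on\\s*;") },
  { id: "autoindex on", sev: "HIGH", bad: dir("autoindex\\s+on\\s*;") },
  // TLSv1 or TLSv1.1 listed in ssl_protocols; TLSv1.2 and TLSv1.3 do not match.
  { id: "Legacy TLS 1.0/1.1", sev: "HIGH", bad: dir("ssl_protocols\\s[^;]*\\bTLSv1(\\.1)?(?=[\\s;])") },
  { id: "Missing HSTS", sev: "HIGH", need: hdr("Strict-Transport-Security") },
  { id: "X-Frame-Options", sev: "MEDIUM", need: hdr("X-Frame-Options") },
  { id: "X-Content-Type-Options", sev: "MEDIUM", need: hdr("X-Content-Type-Options") },
  { id: "Rate limiting", sev: "LOW", need: dir("limit_req(_zone)?\\s") },
  { id: "client_max_body_size", sev: "LOW", need: dir("client_max_body_size\\s") },
];
const DEDUCT = { HIGH: 10, MEDIUM: 5, LOW: 2 }; // deductions stated on the page

function audit(conf) {
  const text = conf.replace(/#.*$/gm, ""); // drop comments (naive: '#' in quotes too)
  const findings = RULES
    .filter((r) => (r.bad ? r.bad.test(text) : !r.need.test(text)))
    .map(({ id, sev }) => ({ id, sev }));
  const raw = findings.reduce((s, f) => s - DEDUCT[f.sev], 100);
  const score = Math.max(0, raw); // assumption: clamp at 0, the lowest band edge
  const band = score >= 80 ? "CIS Compliant" : score >= 50 ? "Partial" : "Non-Compliant";
  return { score, band, findings };
}
// Constructed sample configs.
const WEAK = `server {
    listen 443 ssl;
    server_tokens on;
    autoindex on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # add_header Strict-Transport-Security "max-age=31536000";
}`;
const HARDENED = `http {
    limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;
    server {
        listen 443 ssl;
        server_tokens off;
        ssl_protocols TLSv1.2 TLSv1.3;
        client_max_body_size 1m;
        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header X-Frame-Options "DENY" always;
        add_header X-Content-Type-Options "nosniff" always;
    }
}`;
console.log(audit(WEAK), audit(HARDENED));
```

The commented-out HSTS line in the weak sample still counts as missing, because comments are stripped before the rules run.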
