Audit a URL's HTTP security headers over a single body-free (HEAD) request. Grades Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy, flags information-leak headers (Server, X-Powered-By), and returns the parsed values plus advisory warnings. Clean JSON for security and pentest automation.