Analyze HTTP response headers for security misconfigurations and missing security controls. Tests for CSP, HSTS, X-Frame-Options, and other critical security headers.