NelmioSecurityBundle
Provide console command to review security settings
The console command should inspect the current security settings and give hints about which settings should also be enabled.
- report missing CSP directives (neither enforced nor reported)
- report other missing security features like Clickjacking Protection, Forced HTTPS/SSL Handling
Such reporting might be especially useful if new CSP versions add new directives or if entirely new security mechanisms are added to this bundle.
Not against it, but I am unlikely to find time to work on it, so if you or anyone else would like to send a pull request that'd be great.
A bit like https://report-uri.io/home/analyse/ does? (Try entering https://github.com/ as the URL)
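The review proposed in this issue, as plain PHP (an added example, not code from NelmioSecurityBundle or from the thread participants). The shape of `$config`, the function name `reviewSecurityConfig` and the reference directive lists are assumptions; the check goes slightly beyond the issue text by treating fetch directives as covered when `default-src` is set.

```php
<?php
// Added example, not NelmioSecurityBundle code. $config is assumed to be the
// resolved `nelmio_security` configuration as a plain array.

// Reference lists constructed for this example; extend them when new CSP levels add directives.
const FETCH_DIRECTIVES = ['script-src', 'style-src', 'img-src', 'connect-src',
    'font-src', 'object-src', 'media-src', 'frame-src'];
// These directives do not fall back to default-src, so each must be set explicitly.
const NO_FALLBACK_DIRECTIVES = ['base-uri', 'form-action', 'frame-ancestors'];
const FEATURES = ['clickjacking' => 'Clickjacking protection',
                  'forced_ssl'   => 'Forced HTTPS/SSL handling'];

function reviewSecurityConfig(array $config): array
{
    $hints = [];
    foreach (FEATURES as $key => $label) {
        if (empty($config[$key])) {
            $hints[] = "$label ($key) is not configured";
        }
    }
    $csp = $config['csp'] ?? [];
    // A directive counts as covered if it is either enforced or reported.
    $set = array_merge(
        array_keys(array_filter($csp['enforce'] ?? [])),
        array_keys(array_filter($csp['report'] ?? []))
    );
    if ($set === []) {
        $hints[] = 'CSP: no directives are enforced or reported';
        return $hints;
    }
    $hasDefault = in_array('default-src', $set, true);
    foreach (FETCH_DIRECTIVES as $d) {
        if (!$hasDefault && !in_array($d, $set, true)) {
            $hints[] = "CSP: $d is missing and there is no default-src fallback";
        }
    }
    foreach (NO_FALLBACK_DIRECTIVES as $d) {
        if (!in_array($d, $set, true)) {
            $hints[] = "CSP: $d is missing (not covered by default-src)";
        }
    }
    return $hints;
}

// Constructed sample configuration.
$sample = ['clickjacking' => ['paths' => ['^/.*' => 'DENY']], 'csp' => [
    'enforce' => ['default-src' => ['self'], 'frame-ancestors' => ['none']],
    'report'  => ['form-action' => ['self']]]];
foreach (reviewSecurityConfig($sample) as $hint) { echo "- $hint\n"; }
```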