VOOZH about

URL: https://apify.com/accurate_pouch/security-headers

โ‡ฑ Security Headers Checker โ€” OWASP Audit & Grading ยท Apify

๐Ÿ‘ Security Headers Checker โ€” OWASP Audit & Grading avatar

Security Headers Checker โ€” OWASP Audit & Grading

Pricing

$4.00 / 1,000 url security checks

Go to Apify Store

Security Headers Checker โ€” OWASP Audit & Grading

Audit 12 HTTP security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, COEP). A-F grading, actionable recommendations. 5 URLs free.

Pricing

$4.00 / 1,000 url security checks

Rating

0.0

(0)

Developer

๐Ÿ‘ Manchitt Sanan

Manchitt Sanan

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

a month ago

Last modified

Share

Audit 12 HTTP security headers in bulk. Get an A-F security grade per URL with weighted scoring, actionable recommendations, and webhook alerts for failing sites. 5 URLs.

What it checks

HeaderWeightWhat it prevents
Strict-Transport-Security (HSTS)15%Downgrade attacks, SSL stripping
Content-Security-Policy (CSP)15%XSS, code injection
X-Content-Type-Options10%MIME type sniffing
X-Frame-Options10%Clickjacking
Referrer-Policy10%Information leakage
Permissions-Policy10%Unauthorized feature access (camera, mic, location)
X-XSS-Protection5%Legacy XSS filter (deprecated, CSP preferred)
Cross-Origin-Opener-Policy5%Cross-origin window attacks
Cross-Origin-Resource-Policy5%Unauthorized resource embedding
Cross-Origin-Embedder-Policy5%Spectre-class side-channel attacks
Cache-Control5%Sensitive data caching
X-Permitted-Cross-Domain-Policies5%Flash/PDF cross-domain access

Grading

GradeScoreMeaning
A+95-100Excellent โ€” all critical headers present and configured
A85-94Good โ€” minor improvements possible
B70-84Acceptable โ€” some headers missing
C50-69Needs work โ€” several security gaps
D30-49Poor โ€” significant exposure
F0-29Failing โ€” critical headers missing

Quick start

{
"urls":["https://google.com","https://github.com"]
}

Input

FieldTypeDefaultDescription
urlsarray(required)URLs to audit
timeoutinteger10000Request timeout in ms
webhookUrlstring(optional)POST alert when any site gets D or F grade
dryRunbooleanfalseAudit without charges

Output

{
"url":"https://example.com",
"grade":"C",
"score":55,
"headers":[
{
"header":"strict-transport-security",
"present":true,
"value":"max-age=31536000; includeSubDomains",
"status":"pass",
"recommendation":"Present and correctly configured",
"weight":15
},
{
"header":"content-security-policy",
"present":false,
"value":null,
"status":"fail",
"recommendation":"Add Content-Security-Policy header. Start with: default-src 'self'; script-src 'self'",
"weight":15
}
],
"summary":{"passed":5,"warnings":3,"failed":4,"total":12},
"status":"success"
}

Pricing

$0.003 per URL checked (pay-per-event pricing).

  • Errors and dry runs are never charged.
  • 100 URLs = $0.30

Related actors in this suite

Other tools by accurate_pouch for security + site health:

  • SSL Monitor โ€” Certificate chain, expiry, fingerprint, key size, webhook. $0.004/domain.
  • DNS/WHOIS Suite โ€” Full DNS lookup + RDAP. $0.004/domain.
  • Lighthouse Auditor โ€” PageSpeed Insights API, Core Web Vitals, deltas, competitor comparison. $0.005/audit.
  • Tech Stack Detector โ€” 7,517 signatures across 105 categories. $0.02/URL.
  • TheCrawler โ€” Web scraper + LLM-powered structured extraction. AGPL-3.0, also on npm (thecrawler@0.1.1). $0.005/page.

Run on Apify

๐Ÿ‘ Run on Apify

No setup needed. Click above to run in the cloud. $0.003 per operation.

You might also like

๐Ÿ›ก๏ธ Security Headers Checker

taroyamada/security-headers-checker

Audit HTTP security headers in bulk across hundreds of websites. Extract OWASP compliance grades and detect missing HSTS or CSP directives instantly.

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

HTTP Probe -- TLS, Security Headers, Redirects

jungle_synthesizer/ssl-security-headers-checker

Bulk site-health probe: TLS certificate, security-header grading (CSP, HSTS, X-Frame-Options, Permissions-Policy + 5 others, A/B/C/D/F grade), redirect chain, TTFB, HTTP/2 + HTTP/3, IPv6 reachability. Built for devops, security, and CI pipelines.

๐Ÿ‘ User avatar

BowTiedRaccoon

2

Http Header Inspector

zerobreak/http-header-inspector

HTTP header inspector that pulls response headers from any URL, scores them for security gaps, and flags missing CSP, HSTS, and X-Frame-Options, so teams can audit caching, redirects, and server config without running curl.

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

34

5.0

Related articles

How to send HTTP headers with cURL
Read more
HTTP headers with Axios: a comprehensive guide
Read more