👁 Security Headers Checker - Audit CSP, HSTS, XFO and more avatar

Security Headers Checker - Audit CSP, HSTS, XFO and more

Pricing

$4.99/month + usage

👁 Security Headers Checker - Audit CSP, HSTS, XFO and more

Security Headers Checker - Audit CSP, HSTS, XFO and more

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Pricing

$4.99/month + usage

Rating

0.0

(0)

Developer

👁 Bikram Adhikari

Bikram Adhikari

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

5 months ago

Last modified

Security Headers Checker

Audit common HTTP security headers for one or more URLs.

This Actor fetches response headers (HEAD-first with GET fallback) and reports missing/weak settings for:

Content-Security-Policy (CSP)
Strict-Transport-Security (HSTS)
X-Frame-Options / CSP frame-ancestors
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
Cross-Origin-Opener-Policy (COOP)
Cross-Origin-Embedder-Policy (COEP)
Cross-Origin-Resource-Policy (CORP)
X-Permitted-Cross-Domain-Policies

Input

Start URLs: list of URLs to check
Follow redirects: evaluate headers on the final URL (recommended)
Use HEAD request first: faster, falls back to GET when servers do not support HEAD
Check Set-Cookie flags (basic): optional basic cookie security checks
Warn on Server / X-Powered-By: optional fingerprinting warnings

Output

Dataset (per URL)

Each item includes startUrl, finalUrl, statusCode, securityScore, issues, and the checked header values.

Key-value store

SUMMARY: totals + header presence counts
REPORT: SUMMARY plus top issues across all checked URLs

Notes

Security headers are context-dependent. Treat findings as an audit checklist, not an absolute pass/fail.
Some sites set headers only on specific paths (e.g., app routes). Include representative URLs.

Quick start

Store page: https://apify.com/scrappy_garden/security-headers-checker

Paste this into Input and click Run:

{
"startUrls":[
{
"url":"https://example.com/"
}
],
"proxyConfiguration":{
"useApifyProxy":false
}
}

Outputs (what you get)

Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, redirected, securityScore, warningCount, errorCount, issues, checkedAt.
Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

Start with 1–3 URLs to validate behavior, then scale up.
If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

Related actors

hsts-header-checker (https://apify.com/scrappy_garden/hsts-header-checker)
cache-control-checker (https://apify.com/scrappy_garden/cache-control-checker)
content-type-header-validator (https://apify.com/scrappy_garden/content-type-header-validator)
x-frame-options-header-checker (https://apify.com/scrappy_garden/x-frame-options-header-checker)

Search keywords

security headers checker, security headers checker - audit csp, hsts, xfo and more, website audit, seo, http headers

HTTP Security Headers Audit

mbeato/apimesh-security-headers

Audit 10 HTTP security headers with A+ to F grading. Checks CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.

👁 User avatar

Maximus Beato

👁 Security Headers Checker — OWASP Audit & Grading avatar

Security Headers Checker — OWASP Audit & Grading

accurate_pouch/security-headers

Audit 12 HTTP security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, COEP). A-F grading, actionable recommendations. 5 URLs free.

👁 User avatar

Manchitt Sanan

Security Headers Checker API - HTTP Security Scanner

pink_comic/security-headers-checker

Security Headers Checker API for bulk HTTP security scans. Audit HSTS, CSP, X-Frame-Options, referrer and permissions policies, missing headers, website hardening gaps, and compliance posture. Returns grades, findings, and header evidence for security audits.

👁 User avatar

Ava Torres

👁 Security Headers Checker avatar

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

👁 User avatar

SAHIL KUMAR

HTTP Security Headers Analyzer

andok/security-headers-analyzer

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

👁 User avatar

Andok

👁 🛡️ Security Headers Checker avatar

🛡️ Security Headers Checker

taroyamada/security-headers-checker

Audit HTTP security headers in bulk across hundreds of websites. Extract OWASP compliance grades and detect missing HSTS or CSP directives instantly.

👁 User avatar

naoki anzai

👁 HTTP Probe -- TLS, Security Headers, Redirects avatar

HTTP Probe -- TLS, Security Headers, Redirects

jungle_synthesizer/ssl-security-headers-checker

Bulk site-health probe: TLS certificate, security-header grading (CSP, HSTS, X-Frame-Options, Permissions-Policy + 5 others, A/B/C/D/F grade), redirect chain, TTFB, HTTP/2 + HTTP/3, IPv6 reachability. Built for devops, security, and CI pipelines.

👁 User avatar

BowTiedRaccoon

👁 Website Security & Vulnerability Audit avatar

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

GitHub Repo Security Audit (bulk)

gocreative.ai/github-security-audit

Audit a list of GitHub repos for security signals: open dependabot alerts surface, security policy presence, license, and basic risk indicators. Great pre-acquisition diligence input.

GoCreative AI

HSTS Header Checker - Strict-Transport-Security audit

scrappy_garden/hsts-header-checker

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

👁 User avatar

Bikram Adhikari

URL: https://apify.com/scrappy_garden/security-headers-checker

⇱ Security Headers Checker - Audit CSP, HSTS, XFO and more · Apify

Security Headers Checker - Audit CSP, HSTS, XFO and more

Security Headers Checker

Input

Output

Dataset (per URL)

Key-value store

Notes

Quick start

Outputs (what you get)

Tips (trust + predictable results)

Related actors

Search keywords

You might also like

HTTP Security Headers Audit

Security Headers Checker — OWASP Audit & Grading

Security Headers Checker API - HTTP Security Scanner

Security Headers Checker

HTTP Security Headers Analyzer

🛡️ Security Headers Checker

HTTP Probe -- TLS, Security Headers, Redirects

Website Security & Vulnerability Audit

GitHub Repo Security Audit (bulk)

HSTS Header Checker - Strict-Transport-Security audit