👁 X-Frame-Options Header Checker - Prevent clickjacking avatar

X-Frame-Options Header Checker - Prevent clickjacking

Pricing

$4.99/month + usage

👁 X-Frame-Options Header Checker - Prevent clickjacking

X-Frame-Options Header Checker - Prevent clickjacking

Fetches URLs and validates the X-Frame-Options response header (DENY/SAMEORIGIN). Flags missing/invalid/deprecated values and also detects CSP frame-ancestors. Outputs per-URL results plus SUMMARY and REPORT.

Pricing

$4.99/month + usage

Rating

0.0

(0)

Developer

👁 Bikram Adhikari

Bikram Adhikari

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

5 months ago

Last modified

X-Frame-Options Header Checker

Checks whether a website returns X-Frame-Options response header to help prevent clickjacking.

Modern note: Many sites use CSP frame-ancestors instead of (or in addition to) X-Frame-Options. This Actor reports both.

What the Actor does

For each URL it:

Fetches response headers (HEAD first, optional GET fallback)
Parses X-Frame-Options (supports DENY, SAMEORIGIN, flags deprecated ALLOW-FROM)
Detects Content-Security-Policy frame-ancestors directive (if present)
Outputs per-URL results plus SUMMARY and REPORT

Input

Start URLs (startUrls): Request List Sources format
Request strategy (requestStrategy): HEAD-only, GET-only, or HEAD→GET fallback
Expected directive (expectedDirective): ANY, DENY, or SAMEORIGIN
Warn on missing (warnOnMissing): warn if X-Frame-Options is missing

Plus: maxUrls, timeoutSecs, followRedirects, maxRedirects, maxConcurrency, and proxyConfiguration.

Output

Dataset (per-URL results)

Each item includes:

startUrl, finalUrl, statusCode, redirected, checkedAt, usedMethod, timingMs
xFrameOptionsRaw, directive, allowFrom
cspFrameAncestors (string or null)
score (0–100 heuristic), issues, warningCount, errorCount, ok

Key-value store

SUMMARY: aggregate counts and top issue codes
REPORT: same as summary (structured JSON)

Example input

{
"startUrls":[{"url":"https://example.com"}],
"maxUrls":1,
"timeoutSecs":20,
"requestStrategy":"HEAD_THEN_GET",
"expectedDirective":"ANY",
"warnOnMissing":true,
"maxConcurrency":2,
"proxyConfiguration":{"useApifyProxy":false}
}

Quick start

Store page: https://apify.com/scrappy_garden/x-frame-options-header-checker

Paste this into Input and click Run:

{
"startUrls":[
{
"url":"https://example.com/"
}
],
"proxyConfiguration":{
"useApifyProxy":false
}
}

Outputs (what you get)

Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, xFrameOptionsRaw, directive, allowFrom, cspFrameAncestors, score, ok, warningCount.
Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

Start with 1–3 URLs to validate behavior, then scale up.
If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

Related actors

security-headers-checker (https://apify.com/scrappy_garden/security-headers-checker)
hsts-header-checker (https://apify.com/scrappy_garden/hsts-header-checker)
cache-control-checker (https://apify.com/scrappy_garden/cache-control-checker)
content-type-header-validator (https://apify.com/scrappy_garden/content-type-header-validator)

Search keywords

x frame options header checker, x-frame-options header checker - prevent clickjacking, website audit, seo, http headers

X-Content-Type-Options Header Checker - nosniff audit

scrappy_garden/x-content-type-options-header-checker

Fetches URLs and validates the X-Content-Type-Options response header. Flags missing header and invalid values (expects nosniff) to help prevent MIME sniffing attacks. Outputs per-URL results plus SUMMARY and REPORT.

👁 User avatar

Bikram Adhikari

👁 Http Header Inspector avatar

Http Header Inspector

zerobreak/http-header-inspector

HTTP header inspector that pulls response headers from any URL, scores them for security gaps, and flags missing CSP, HSTS, and X-Frame-Options, so teams can audit caching, redirects, and server config without running curl.

👁 User avatar

ZeroBreak

Content-Type Header Validator

scrappy_garden/content-type-header-validator

Fetches URLs and validates the Content-Type header (MIME type + optional charset). Flags missing/mismatched types and recommends X-Content-Type-Options: nosniff. Outputs per-URL results plus SUMMARY and REPORT.

👁 User avatar

Bikram Adhikari

Referrer-Policy Header Checker

scrappy_garden/referrer-policy-header-checker

Fetches URLs and validates the Referrer-Policy response header. Flags missing or risky policies (e.g., unsafe-url) and optionally checks against an expected policy. Outputs per-URL results plus SUMMARY and REPORT.

👁 User avatar

Bikram Adhikari

HSTS Header Checker - Strict-Transport-Security audit

scrappy_garden/hsts-header-checker

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

👁 User avatar

Bikram Adhikari

Permissions-Policy Header Checker

scrappy_garden/permissions-policy-header-checker

Fetches URLs and analyzes the Permissions-Policy header (and legacy Feature-Policy). Flags missing headers, invalid syntax, and risky wildcard allowances for sensitive features like camera/microphone/geolocation. Outputs per-URL results plus SUMMARY and REPORT.

👁 User avatar

Bikram Adhikari

👁 Video Last Frame Extractor avatar

Video Last Frame Extractor

vectorcreai/videolastframecaptor

Extracts the last frame from short videos (up to 60s) and returns a public image URL plus a Base64 data URI. Perfect for thumbnails, previews and automation workflows.

👁 User avatar

Vector Creations AI

5.0

HTTP Security Headers Analyzer

andok/security-headers-analyzer

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

👁 User avatar

Andok

HTTP Security Headers Audit

mbeato/apimesh-security-headers

Audit 10 HTTP security headers with A+ to F grading. Checks CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.

👁 User avatar

Maximus Beato

👁 YouTube Video Reverse Engineer AI Script, Frame & Hook Analysis avatar

YouTube Video Reverse Engineer AI Script, Frame & Hook Analysis

brilliant_gum/youtube-video-reverse-engineer

Turn any YouTube video into a blueprint. AI extracts hook formulas, script structure, retention techniques, style DNA, and audience engagement from top comments. Outputs are ready-to-use prompts — feed to ChatGPT for scripts or Midjurney for visuals. Premium adds frame-by-frame visual analysis.

👁 User avatar

Yuliia Kulakova

URL: https://apify.com/scrappy_garden/x-frame-options-header-checker