Pricing

Pay per usage

Security Headers Checker — OWASP Audit & Grading

Audit 12 HTTP security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, COEP). A-F grading, actionable recommendations. 5 URLs free.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Manchitt Sanan

Actor stats

Bookmarked

Total users

Monthly active users

15 hours ago

Last modified

What it checks

Header	Weight	What it prevents
Strict-Transport-Security (HSTS)	15%	Downgrade attacks, SSL stripping
Content-Security-Policy (CSP)	15%	XSS, code injection
X-Content-Type-Options	10%	MIME type sniffing
X-Frame-Options	10%	Clickjacking
Referrer-Policy	10%	Information leakage
Permissions-Policy	10%	Unauthorized feature access (camera, mic, location)
X-XSS-Protection	5%	Legacy XSS filter (deprecated, CSP preferred)
Cross-Origin-Opener-Policy	5%	Cross-origin window attacks
Cross-Origin-Resource-Policy	5%	Unauthorized resource embedding
Cross-Origin-Embedder-Policy	5%	Spectre-class side-channel attacks
Cache-Control	5%	Sensitive data caching
X-Permitted-Cross-Domain-Policies	5%	Flash/PDF cross-domain access

Grading

Grade	Score	Meaning
A+	95-100	Excellent — all critical headers present and configured
A	85-94	Good — minor improvements possible
B	70-84	Acceptable — some headers missing
C	50-69	Needs work — several security gaps
D	30-49	Poor — significant exposure
F	0-29	Failing — critical headers missing

Quick start

{
    "urls": ["https://google.com", "https://github.com"]
}

Input

Field	Type	Default	Description
`urls`	array	(required)	URLs to audit
`timeout`	integer	`10000`	Request timeout in ms
`webhookUrl`	string	(optional)	POST alert when any site gets D or F grade
`dryRun`	boolean	`false`	Audit without charges

Output

{
    "url": "https://example.com",
    "grade": "C",
    "score": 55,
    "headers": [
        {
            "header": "strict-transport-security",
            "present": true,
            "value": "max-age=31536000; includeSubDomains",
            "status": "pass",
            "recommendation": "Present and correctly configured",
            "weight": 15
        },
        {
            "header": "content-security-policy",
            "present": false,
            "value": null,
            "status": "fail",
            "recommendation": "Add Content-Security-Policy header. Start with: default-src 'self'; script-src 'self'",
            "weight": 15
        }
    ],
    "summary": { "passed": 5, "warnings": 3, "failed": 4, "total": 12 },
    "status": "success"
}

Pricing

$0.003 per URL checked (pay-per-event pricing).

Errors and dry runs are never charged.
100 URLs = $0.30

SSL Monitor — Bulk SSL certificate expiry monitoring and chain validation.
Broken Link Checker — Recursively crawl your website and find every broken link.
Lighthouse Auditor — Batch Lighthouse audits for performance, SEO, and Core Web Vitals.
Email Validator Pro — Bulk email validation with SMTP check and deliverability scoring.
Domain Age Checker — Bulk RDAP domain age and registration lookup.
Google Sheets Reader & Writer — Read any Google Sheet to JSON or append rows.

Run on Apify

No setup needed. Click above to run in the cloud. $0.003 per operation.

Security Headers Checker API | OWASP Audit

taroyamada/security-headers-checker

Audit OWASP security headers in bulk, grade each site, and monitor header drift across client or product portfolios.

太郎山田

DNS / SPF / DKIM / DMARC Audit API

taroyamada/dns-dmarc-security-checker

Audit SPF, DKIM, DMARC, and MX in bulk with grades, fix-ready recommendations, and recurring email-security monitoring.

太郎山田

HTTP Headers Security Checker

automation-lab/http-headers-security-checker

This actor checks 12 HTTP security headers for any list of websites and produces a security grade with actionable findings. It identifies missing headers, weak configurations, and provides specific recommendations. Use it for security audits, compliance checks, or monitoring your web...

Stas Persiianenko

Website Change Monitor — Content Diff & Alerts

accurate_pouch/website-change-monitor

Monitor websites for content changes. Text diff, hash comparison, CSS selector targeting. Webhook alerts when content changes. Use with Apify scheduling for daily monitoring. 5 URLs free.

Manchitt Sanan

HTTP Security Headers Analyzer

andok/security-headers-analyzer

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

Andok

SSL Certificate Monitor API | Expiry + Issuer Changes

taroyamada/ssl-certificate-monitor

Check SSL/TLS certificates in bulk, detect expiry and issuer changes, and emit alert-ready rows for ops and SEO teams.

太郎山田

WCAG Accessibility Checker API | ADA & EAA Compliance Audit

taroyamada/wcag-accessibility-checker

Audit websites for WCAG 2.1 accessibility compliance in bulk. Get A-F grades, violation details with severity, and actionable remediation steps per URL.

太郎山田

Privacy & Cookie Compliance Scanner | GDPR / CCPA Banner Audit

taroyamada/privacy-cookie-compliance-scanner

Scan public privacy pages and cookie banners for GDPR/CCPA compliance signals. Returns one clean compliance summary row per site with banner detection, consent framework identification, policy freshness, and recommended actions.

太郎山田

robots.txt AI Policy Monitor | GPTBot ClaudeBot

taroyamada/robotstxt-ai-checker

Detect GPTBot, ClaudeBot, Google-Extended, and other AI crawler policies in robots.txt, then monitor policy shifts over time.

太郎山田

📜 Open-Source License & Dependency Audit API

taroyamada/open-source-license-dependency-audit

Audit npm packages for license risk, dependency depth, maintainer activity, and compliance posture. One clean summary row per package — no brittle scraping, just stable registry metadata. Perfect for legal/compliance teams, engineering leads, and procurement workflows.

太郎山田