Pricing

$1.00 / 1,000 url scans

Go to Apify Store

HTTP Security Headers Analyzer

Try for free

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

Pricing

$1.00 / 1,000 url scans

Rating

0.0

(0)

Developer

Andok

Actor stats

Bookmarked

Total users

Monthly active users

19 days ago

Last modified

Categories

Business

Developer tools

URLs

urls

Optional

List of URLs to analyze for security headers. Each URL will be checked for HSTS, CSP, X-Frame-Options, and other OWASP-recommended headers.

Type:array

Default:

[
  "https://google.com"
]

Single URL

url

Optional

Single URL to analyze. Use the URLs field above for bulk scanning.

Type:string

Follow redirects

followRedirects

Optional

Whether to follow HTTP redirects before analyzing headers. Enable this to check the final destination rather than the initial response.

Type:boolean

Default:true

Max redirects

maxRedirects

Optional

Maximum number of redirects to follow per URL. Increase if your URLs pass through multiple CDN or load balancer hops.

Type:integer

Minimum:0

Maximum:20

Default:5

Timeout (seconds)

timeoutSeconds

Optional

Request timeout per URL in seconds. Increase for slow-responding servers or high-latency targets.

Type:integer

Minimum:1

Maximum:120

Default:15

Concurrency

concurrency

Optional

Number of URLs to scan in parallel. Higher values speed up large batches but may trigger rate limiting.

Type:integer

Minimum:1

Maximum:25

Default:5

HTTP method

method

Optional

HTTP method for requests. HEAD is faster and sufficient for most servers. Switch to GET if a server returns different headers for HEAD requests.

Type:string

Default:HEAD

Options:

HEADGET

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

SAHIL KUMAR

Security Headers Checker - Audit CSP, HSTS, XFO and more

scrappy_garden/security-headers-checker

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Bikram Adhikari

HTTP Headers Security Checker

automation-lab/http-headers-security-checker

This actor checks 12 HTTP security headers for any list of websites and produces a security grade with actionable findings. It identifies missing headers, weak configurations, and provides specific recommendations. Use it for security audits, compliance checks, or monitoring your web...

Stas Persiianenko

Http Header Inspector

zerobreak/http-header-inspector

HTTP header inspector that pulls response headers from any URL, scores them for security gaps, and flags missing CSP, HSTS, and X-Frame-Options, so teams can audit caching, redirects, and server config without running curl.

ZeroBreak

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

Security Headers Checker API | OWASP Audit

taroyamada/security-headers-checker

Audit OWASP security headers in bulk, grade each site, and monitor header drift across client or product portfolios.

太郎山田

Fast HTML Fetcher

rixin/fast-html-fetcher

From $0.2/1k reqs. Fast HTTP fetcher that returns raw HTML content, HTTP status codes, and response headers for any URL. Supports custom headers, user agent, proxy, redirect control, and SSL bypass. Perfect for web monitoring, content extraction, and API testing.

Rixin Sc

X-Frame-Options Header Checker - Prevent clickjacking

scrappy_garden/x-frame-options-header-checker

Fetches URLs and validates the X-Frame-Options response header (DENY/SAMEORIGIN). Flags missing/invalid/deprecated values and also detects CSP frame-ancestors. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

CORS Policy Checker - Audit Access-Control-* headers

scrappy_garden/cors-policy-checker

Check CORS response headers (Access-Control-Allow-Origin, -Credentials, -Methods, -Headers, -Expose-Headers, -Max-Age, Vary: Origin) for one or more URLs. Optionally performs a preflight OPTIONS check. Useful for debugging browser/API integrations and spotting risky CORS misconfigurations.

Bikram Adhikari

HSTS Header Checker - Strict-Transport-Security audit

scrappy_garden/hsts-header-checker

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari