Cross-Origin-Opener-Policy (COOP) Header Checker

Pricing

Pay per usage

Cross-Origin-Opener-Policy (COOP) Header Checker

Fetches URLs and validates the Cross-Origin-Opener-Policy (COOP) and COOP-Report-Only response headers. Flags missing/invalid/unsafe policies to help with cross-origin isolation hardening. Outputs per-URL results plus SUMMARY and REPORT.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Bikram Adhikari

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

8 days ago

Last modified

What it checks

Missing COOP
Only report-only present (does not enforce)
Invalid/unknown policy token
Policy set to unsafe-none
Policy weaker than configured minimumPolicy

Input

startUrls (required)
requestStrategy: HEAD_THEN_GET (default), HEAD_ONLY, GET_ONLY
minimumPolicy: SAME_ORIGIN | SAME_ORIGIN_ALLOW_POPUPS (default) | PRESENT
warnOnMissing, warnOnUnsafeNone

Output

Dataset (per-URL)

Each item includes:

startUrl, finalUrl, statusCode, usedMethod, timingMs
coopRaw, coopPolicy, coopReportOnlyRaw, coopReportOnlyPolicy
score, ok, warningCount, errorCount, issues

Key-value store

SUMMARY (JSON)
REPORT (JSON)

Quick start

Store page: https://apify.com/scrappy_garden/cross-origin-opener-policy-header-checker

Paste this into Input and click Run:

{
  "startUrls": [
    {
      "url": "https://example.com/"
    }
  ],
  "proxyConfiguration": {
    "useApifyProxy": false
  }
}

Outputs (what you get)

Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, coopRaw, coopPolicy, coopReportOnlyRaw, coopReportOnlyPolicy, score, ok, warningCount.
Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

Start with 1–3 URLs to validate behavior, then scale up.
If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

security-headers-checker (https://apify.com/scrappy_garden/security-headers-checker)
hsts-header-checker (https://apify.com/scrappy_garden/hsts-header-checker)
cache-control-checker (https://apify.com/scrappy_garden/cache-control-checker)
content-type-header-validator (https://apify.com/scrappy_garden/content-type-header-validator)

Search keywords

cross origin opener policy header checker, cross-origin-opener-policy (coop) header checker, website audit, seo, http headers

Referrer-Policy Header Checker

scrappy_garden/referrer-policy-header-checker

Fetches URLs and validates the Referrer-Policy response header. Flags missing or risky policies (e.g., unsafe-url) and optionally checks against an expected policy. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

Permissions-Policy Header Checker

scrappy_garden/permissions-policy-header-checker

Fetches URLs and analyzes the Permissions-Policy header (and legacy Feature-Policy). Flags missing headers, invalid syntax, and risky wildcard allowances for sensitive features like camera/microphone/geolocation. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

X-Content-Type-Options Header Checker - nosniff audit

scrappy_garden/x-content-type-options-header-checker

Fetches URLs and validates the X-Content-Type-Options response header. Flags missing header and invalid values (expects nosniff) to help prevent MIME sniffing attacks. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

Security Headers Checker - Audit CSP, HSTS, XFO and more

scrappy_garden/security-headers-checker

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Bikram Adhikari

X-Frame-Options Header Checker - Prevent clickjacking

scrappy_garden/x-frame-options-header-checker

Fetches URLs and validates the X-Frame-Options response header (DENY/SAMEORIGIN). Flags missing/invalid/deprecated values and also detects CSP frame-ancestors. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

HSTS Header Checker - Strict-Transport-Security audit

scrappy_garden/hsts-header-checker

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

CORS Policy Checker - Audit Access-Control-* headers

scrappy_garden/cors-policy-checker

Check CORS response headers (Access-Control-Allow-Origin, -Credentials, -Methods, -Headers, -Expose-Headers, -Max-Age, Vary: Origin) for one or more URLs. Optionally performs a preflight OPTIONS check. Useful for debugging browser/API integrations and spotting risky CORS misconfigurations.

Bikram Adhikari

Content-Type Header Validator

scrappy_garden/content-type-header-validator

Fetches URLs and validates the Content-Type header (MIME type + optional charset). Flags missing/mismatched types and recommends X-Content-Type-Options: nosniff. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

HTTP Compression Checker

scrappy_garden/http-compression-checker

Checks whether a URL serves compressed responses (br/gzip/deflate) and validates related headers such as Vary: Accept-Encoding for cache correctness. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari