HSTS Header Checker - Strict-Transport-Security audit

Pricing

Pay per usage

HSTS Header Checker - Strict-Transport-Security audit

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Bikram Adhikari

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

2 hours ago

Last modified

HSTS Header Checker

Checks the Strict-Transport-Security (HSTS) response header for a list of URLs.

It flags common problems such as:

Missing HSTS on HTTPS responses
Invalid header syntax (missing/invalid max-age)
max-age too low (configurable)
max-age=0 (disables HSTS)
preload present but preload requirements not met

Input

startUrls (required): URLs to check (Request List Sources format)
requestStrategy: HEAD_THEN_GET (default), HEAD_ONLY, GET_ONLY
followRedirects, maxRedirects
minMaxAgeSeconds: warn if max-age is below this value
requireIncludeSubDomains, requirePreload

Output

Dataset (per-URL)

Each item includes (among others):

startUrl, finalUrl, statusCode, usedMethod, timingMs
strictTransportSecurityRaw, maxAge, includeSubDomains, preload
score, ok, warningCount, errorCount, issues

Key-value store

SUMMARY (JSON)
REPORT (JSON)

Example input

{
  "startUrls": [
    { "url": "https://example.com" },
    { "url": "http://example.com" }
  ],
  "maxUrls": 2,
  "timeoutSecs": 20,
  "requestStrategy": "HEAD_THEN_GET",
  "followRedirects": true,
  "maxRedirects": 10,
  "minMaxAgeSeconds": 15552000,
  "requireIncludeSubDomains": false,
  "requirePreload": false,
  "maxConcurrency": 5,
  "proxyConfiguration": { "useApifyProxy": false }
}

Quick start

Store page: https://apify.com/scrappy_garden/hsts-header-checker

Paste this into Input and click Run:

{
  "startUrls": [
    {
      "url": "https://example.com/"
    }
  ],
  "proxyConfiguration": {
    "useApifyProxy": false
  }
}

Outputs (what you get)

Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, strictTransportSecurityRaw, maxAge, includeSubDomains, preload, score, ok, warningCount.
Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

Start with 1–3 URLs to validate behavior, then scale up.
If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

security-headers-checker (https://apify.com/scrappy_garden/security-headers-checker)
cache-control-checker (https://apify.com/scrappy_garden/cache-control-checker)
content-type-header-validator (https://apify.com/scrappy_garden/content-type-header-validator)
x-frame-options-header-checker (https://apify.com/scrappy_garden/x-frame-options-header-checker)

Search keywords

hsts header checker, hsts header checker - strict-transport-security audit, website audit, seo, http headers

Security Headers Checker - Audit CSP, HSTS, XFO and more

scrappy_garden/security-headers-checker

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Bikram Adhikari

Bug Bounty Recon Scanner

iamuendo/Bug-Bounty-Recon-Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

Isaac Muendo

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

(1)

Seobility SEO Checker (Unlimited)

maged120/seobility-seo-checker

the most powerful scraper for seobility SEO checker tool, the output might feel overwhelming but it's full of details and possibilites, check it out

Maged

5.0

(1)

Website Tech Stack Detector

benthepythondev/website-tech-detector

Detect technologies, frameworks, CMS, analytics, hosting, and more used by any website. Perfect for competitive analysis, sales intelligence, and tech research.

ben

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

SAHIL KUMAR

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

Cookie Security Flags Checker

scrappy_garden/cookie-security-flags-checker

Fetch URLs and analyze Set-Cookie response headers for security attributes: Secure, HttpOnly, SameSite, plus __Host- / __Secure- prefix rules. Produces per-cookie results with warnings/errors and writes SUMMARY + REPORT for quick auditing.

Bikram Adhikari

Accessibility Scanner

gabrielaxy/accessibility-scanner

Scan any website for WCAG accessibility compliance using axe-core. Get detailed reports with fix code suggestions, severity scores, and remediation priorities. Supports CI/CD integration with threshold-based pass/fail and competitor benchmarking to compare your accessibility against others.

Gabriel Antony Xaviour

7-Zip Recursive Archive Extractor: Enterprise-Grade Automation

roach-sama/universal-archive-extractor

High-performance 7-Zip extractor supporting 30+ formats (ZIP, RAR, 7Z, TAR, ISO, GZIP, BZIP2, XZ, CAB & more). Features recursive nested archive extraction, CRC-based incremental updates to skip unchanged files, security filtering, and dual KV Store + Dataset output. Saves up to 90% compute costs.