Security Headers Checker - Audit CSP, HSTS, XFO and more

Pricing

Pay per usage

Security Headers Checker - Audit CSP, HSTS, XFO and more

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Bikram Adhikari

Maintained by Community

Actor stats

Bookmarked

Total users

Monthly active users

10 hours ago

Last modified

Security Headers Checker

Audit common HTTP security headers for one or more URLs.

This Actor fetches response headers (HEAD-first with GET fallback) and reports missing/weak settings for:

Content-Security-Policy (CSP)
Strict-Transport-Security (HSTS)
X-Frame-Options / CSP frame-ancestors
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
Cross-Origin-Opener-Policy (COOP)
Cross-Origin-Embedder-Policy (COEP)
Cross-Origin-Resource-Policy (CORP)
X-Permitted-Cross-Domain-Policies

Input

Start URLs: list of URLs to check
Follow redirects: evaluate headers on the final URL (recommended)
Use HEAD request first: faster, falls back to GET when servers do not support HEAD
Check Set-Cookie flags (basic): optional basic cookie security checks
Warn on Server / X-Powered-By: optional fingerprinting warnings

Output

Dataset (per URL)

Each item includes startUrl, finalUrl, statusCode, securityScore, issues, and the checked header values.

Key-value store

SUMMARY: totals + header presence counts
REPORT: SUMMARY plus top issues across all checked URLs

Notes

Security headers are context-dependent. Treat findings as an audit checklist, not an absolute pass/fail.
Some sites set headers only on specific paths (e.g., app routes). Include representative URLs.

Quick start

Store page: https://apify.com/scrappy_garden/security-headers-checker

Paste this into Input and click Run:

{
  "startUrls": [
    {
      "url": "https://example.com/"
    }
  ],
  "proxyConfiguration": {
    "useApifyProxy": false
  }
}

Outputs (what you get)

Dataset: Dataset items typically include fields like: startUrl, finalUrl, statusCode, redirected, securityScore, warningCount, errorCount, issues, checkedAt.
Key-value store: REPORT, SUMMARY

Tips (trust + predictable results)

Start with 1–3 URLs to validate behavior, then scale up.
If a target blocks requests, enable Proxy and/or slow down concurrency in Input.
Use the SUMMARY / REPORT keys (when present) for automation pipelines and monitoring.

hsts-header-checker (https://apify.com/scrappy_garden/hsts-header-checker)
cache-control-checker (https://apify.com/scrappy_garden/cache-control-checker)
content-type-header-validator (https://apify.com/scrappy_garden/content-type-header-validator)
x-frame-options-header-checker (https://apify.com/scrappy_garden/x-frame-options-header-checker)

Search keywords

security headers checker, security headers checker - audit csp, hsts, xfo and more, website audit, seo, http headers

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

SAHIL KUMAR

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

HSTS Header Checker - Strict-Transport-Security audit

scrappy_garden/hsts-header-checker

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

Bug Bounty Recon Scanner

iamuendo/Bug-Bounty-Recon-Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

Isaac Muendo

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

(1)

Website Tech Stack Detector

benthepythondev/website-tech-detector

Detect technologies, frameworks, CMS, analytics, hosting, and more used by any website. Perfect for competitive analysis, sales intelligence, and tech research.

ben

Cookie Security Flags Checker

scrappy_garden/cookie-security-flags-checker

Fetch URLs and analyze Set-Cookie response headers for security attributes: Secure, HttpOnly, SameSite, plus __Host- / __Secure- prefix rules. Produces per-cookie results with warnings/errors and writes SUMMARY + REPORT for quick auditing.

Bikram Adhikari

CORS Policy Checker - Audit Access-Control-* headers

scrappy_garden/cors-policy-checker

Check CORS response headers (Access-Control-Allow-Origin, -Credentials, -Methods, -Headers, -Expose-Headers, -Max-Age, Vary: Origin) for one or more URLs. Optionally performs a preflight OPTIONS check. Useful for debugging browser/API integrations and spotting risky CORS misconfigurations.

Bikram Adhikari

X-Frame-Options Header Checker - Prevent clickjacking

scrappy_garden/x-frame-options-header-checker

Fetches URLs and validates the X-Frame-Options response header (DENY/SAMEORIGIN). Flags missing/invalid/deprecated values and also detects CSP frame-ancestors. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

Privacy Compliance Analyzer V.1

actor_researcher.48/privacy-compliance-analyzer-v-1

Educational tool analyzing website privacy compliance across 7 global frameworks (GDPR, CCPA/CPRA, LGPD, PIPEDA, APPI, PIPA, PDPB). Detects dark patterns, analyzes cookies, validates security headers. Generates detailed reports with actionable recommendations. Not legal advice.