Pricing

from $7.00 / 1,000 results

Security Headers Audit & Monitor

Bulk-check websites for OWASP-recommended security headers (HSTS, CSP, X-Frame-Options, etc). Scores each site and detects configuration changes between runs.

Pricing

from $7.00 / 1,000 results

Rating

0.0

(0)

Developer

太郎山田

Actor stats

Bookmarked

Total users

Monthly active users

5 hours ago

Last modified

What does this actor do?

Sends a simple HTTP HEAD request to each URL and evaluates 10 OWASP-recommended security headers. Each site gets a score (0-100) and grade (A-F) with actionable fix suggestions.

Key Features

🛡️ 10 OWASP headers checked — HSTS, CSP, X-Frame-Options, Referrer-Policy, and more
📊 Security scoring — 0-100 with A-F grade per site
💡 Fix recommendations — Exact header values to add (e.g., Strict-Transport-Security: max-age=31536000)
🔄 Change tracking — Detects grade/score changes between runs
📋 Bulk processing — Check up to 200 URLs per run
🪝 Webhook + CI/CD — Use in security pipelines

Headers Checked

Header	Weight	Why It Matters
Strict-Transport-Security (HSTS)	20	Forces HTTPS
Content-Security-Policy (CSP)	20	Prevents XSS
X-Content-Type-Options	10	Prevents MIME sniffing
X-Frame-Options	10	Prevents clickjacking
Referrer-Policy	10	Controls referrer leakage
Permissions-Policy	10	Restricts browser features
X-XSS-Protection	5	Legacy XSS filter
Cross-Origin-Opener-Policy	5	Isolates browsing context
Cross-Origin-Resource-Policy	5	Controls resource sharing
X-DNS-Prefetch-Control	5	Controls DNS prefetching

Input Example

{
  "urls": ["https://google.com", "https://github.com", "https://example.com"],
  "followRedirects": true,
  "concurrency": 5
}

Output Example

{
  "url": "https://github.com",
  "score": { "total": 75, "grade": "B" },
  "statusCode": 200,
  "headers": {
    "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
    "x-frame-options": "deny",
    "x-content-type-options": "nosniff"
  },
  "score": {
    "total": 75,
    "grade": "B",
    "details": [
      { "header": "strict-transport-security", "status": "pass", "points": 20 },
      { "header": "content-security-policy", "status": "missing", "points": 0, "note": "Missing. Add a Content-Security-Policy header" }
    ]
  }
}

Cost

Zero external costs. Simple HTTP HEAD requests — no API keys, no proxies. A run checking 100 URLs takes ~15 seconds.

Commercial Ops

Set up .env first:

$cp -n .env.example .env

Cloud Task/Schedule setup (idempotent):

$npm run apify:cloud:setup

Daily reliability checks:

npm run canary:check
npm run contract:test:live

OpenClaw cron commands:

openclaw-cron-commands.md

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

(1)

Web Page Change Monitor - Track Website Changes & Get Alerts

scrappy_garden/web-page-change-monitor

Monitor any website for changes automatically. Track content updates, price changes, product availability, news updates. Get instant alerts when pages change. Perfect for competitor monitoring, price tracking, content surveillance, and automated change detection. Export change history to JSON.

Bikram Adhikari

Bug Bounty Recon Scanner

iamuendo/Bug-Bounty-Recon-Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

Isaac Muendo

JSON Content Checker & Validator - API Testing Tool

scrappy_garden/json-content-checker

Validate JSON content, check API responses, monitor data quality, and detect schema changes. Perfect for API testing, data validation, quality assurance, and monitoring JSON endpoints. Supports JSONPath, schema validation, and custom rules.

Bikram Adhikari

Image Alt Text Checker

scrappy_garden/image-alt-text-checker

Audit web pages for missing, empty, and low-quality image alt text. Extracts <img> tags, flags missing/empty/generic alt attributes, and produces per-page results for SEO and accessibility (WCAG) reviews. Supports depth-limited link crawling and outputs a SUMMARY + REPORT for QA and monitoring.

Bikram Adhikari

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

Notion Automation Toolkit

waxlike_polecat/notion-automation-toolkit

Automate your Notion workspace - Export, backup, migrate, and manage your Notion content at scale with 9 powerful automation tasks.

Mohamed Ali DHIBA

Supernet Domain Health - Email Reputation Audit

superlativetech/supernet-domain-health

Email authentication and deliverability audit for any domain. Checks SPF, DKIM, DMARC, MX, blacklists, SSL, WHOIS, BIMI, MTA-STS — returns a 0-100 health score with actionable fixes. Sending or receiving mode. Batch thousands or query one via instant API.

Superlative

Robots Txt Audit

apage/robots-txt-audit

Audit robots.txt files for AI crawler access. Get an AI Readiness Score (0-100), analyze 61+ AI crawlers (ChatGPT, Claude, Perplexity, Gemini), detect syntax errors, security concerns, and get actionable recommendations. Batch audit multiple domains at once with optional subdomain scanning.

Andy Page

7-Zip Recursive Archive Extractor: Enterprise-Grade Automation

roach-sama/universal-archive-extractor

High-performance 7-Zip extractor supporting 30+ formats (ZIP, RAR, 7Z, TAR, ISO, GZIP, BZIP2, XZ, CAB & more). Features recursive nested archive extraction, CRC-based incremental updates to skip unchanged files, security filtering, and dual KV Store + Dataset output. Saves up to 90% compute costs.