You can access the Security Headers Checker API | OWASP Audit programmatically from your own applications by using the Apify API. You can also choose the language preference from below. To use the Apify API, you’ll need an Apify account and your API token, found in Integrations settings in Apify Console.

Python

JavaScript

CLI

OpenAPI

HTTP

MCP

1from apify_client import ApifyClient
2
3# Initialize the ApifyClient with your Apify API token
4# Replace '<YOUR_API_TOKEN>' with your token.
5client = ApifyClient("<YOUR_API_TOKEN>")
6
7# Prepare the Actor input
8run_input = { "urls": [
9        "https://google.com",
10        "https://github.com",
11        "https://example.com",
12    ] }
13
14# Run the Actor and wait for it to finish
15run = client.actor("taroyamada/security-headers-checker").call(run_input=run_input)
16
17# Fetch and print Actor results from the run's dataset (if there are any)
18print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
19for item in client.dataset(run["defaultDatasetId"]).iterate_items():
20    print(item)
21
22# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start

Security Headers Checker API - OWASP Website Audit Tool API in Python

The Apify API client for Python is the official library that allows you to use Security Headers Checker API | OWASP Audit API in Python, providing convenience functions and automatic retries on errors.

Install the apify-client

$pip install apify-client

Other API clients include:

Security Headers Checker API | OWASP Audit API in JavaScript

Security Headers Checker API | OWASP Audit API through CLI

Security Headers Checker API | OWASP Audit OpenAPI definition

Security Headers Checker API | OWASP Audit API

Security Headers Checker

pillowy_travel/security-headers-checker

Analyze HTTP security headers of websites and generate a security score. Detect missing headers like CSP, HSTS, X-Frame-Options, and more. Perfect for web security audits, vulnerability checks, learning, and automated monitoring.

SAHIL KUMAR

HTTP Headers Security Checker

automation-lab/http-headers-security-checker

This actor checks 12 HTTP security headers for any list of websites and produces a security grade with actionable findings. It identifies missing headers, weak configurations, and provides specific recommendations. Use it for security audits, compliance checks, or monitoring your web...

Stas Persiianenko

Website Security & Vulnerability Audit

smart-digital/website-security-vulnerability-audit

Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

My Smart Digital

5.0

HTTP Security Headers Analyzer

andok/security-headers-analyzer

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

Andok

Security Headers Checker - Audit CSP, HSTS, XFO and more

scrappy_garden/security-headers-checker

Check common HTTP security headers for one or more URLs (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP). Useful for quick security hardening audits.

Bikram Adhikari

Http Header Inspector

zerobreak/http-header-inspector

HTTP header inspector that pulls response headers from any URL, scores them for security gaps, and flags missing CSP, HSTS, and X-Frame-Options, so teams can audit caching, redirects, and server config without running curl.

ZeroBreak

CORS Policy Checker - Audit Access-Control-* headers

scrappy_garden/cors-policy-checker

Check CORS response headers (Access-Control-Allow-Origin, -Credentials, -Methods, -Headers, -Expose-Headers, -Max-Age, Vary: Origin) for one or more URLs. Optionally performs a preflight OPTIONS check. Useful for debugging browser/API integrations and spotting risky CORS misconfigurations.

Bikram Adhikari

HSTS Header Checker - Strict-Transport-Security audit

scrappy_garden/hsts-header-checker

Fetches URLs and validates the Strict-Transport-Security (HSTS) response header. Parses directives (max-age/includeSubDomains/preload), flags missing/invalid configuration, and checks common best practices. Outputs per-URL results plus SUMMARY and REPORT.

Bikram Adhikari

DNS / SPF / DKIM / DMARC Audit API

taroyamada/dns-dmarc-security-checker

Audit SPF, DKIM, DMARC, and MX in bulk with grades, fix-ready recommendations, and recurring email-security monitoring.

太郎山田

Security.txt Checker

automation-lab/security-txt-checker

This actor checks websites for a security.txt file as defined by RFC 9116. It looks in `/.well-known/security.txt` and `/security.txt`, parses contact information, encryption keys, expiration dates, and validates compliance with the standard.

Stas Persiianenko