HTTP Security Headers Analyzer — CSP, HSTS Grader avatar

HTTP Security Headers Analyzer — CSP, HSTS Grader

Pricing

Pay per usage

Try for free
Go to Apify Store
HTTP Security Headers Analyzer — CSP, HSTS Grader

HTTP Security Headers Analyzer — CSP, HSTS Grader

Try for free

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Technical Dost Solutions

Technical Dost Solutions

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

a day ago

Last modified

Categories

Developer tools

Automation

Share

HTTP Security Headers Analyzer Analyze and grade any site's HTTP security headers — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — with an A–F grade. No API key. Built for developers who need fast, reliable, bulk results without managing servers or proxies.

Features

  • One structured JSON record per url.
  • Bulk + concurrent — process up to 100 urls per run.
  • No proxy, no browser, no API key — fast and low-cost.
  • Graceful failures: unreachable inputs return ok: false with an error; the run never crashes.

Input

{"urls": ["https://github.com", "https://apify.com"], "maxItems": 100}

Output

One record per url:

{
  "url": "https://github.com",
  "ok": true,
  "status": 200,
  "grade": "A",
  "score": 9,
  "maxScore": 9,
  "present": ["HSTS", "CSP", "X-Frame-Options"],
  "missing": [],
  "headers": {"HSTS": "max-age=31536000"}
}

Who it's for

  • Security engineers auditing web apps
  • Pentesters & bug-bounty hunters
  • DevSecOps CI gates
  • Agencies running site security reports

How to use

  1. Add your urls to the urls input field.
  2. Run the Actor and read one structured record per input from the dataset.
  3. Export as JSON, CSV, or Excel, or call the Actor's API from your backend.

FAQ

Do I need an API key? No. You provide urls; the Actor does the rest. Does it return personal data? No — only public infrastructure/metadata, never personal contact data. What formats can I export? JSON, CSV, and Excel via the dataset, or the Actor API.

Pricing

Pay-per-event: a tiny per-run start fee plus a small per-result charge. You pay only for successful results. See the Pricing tab.

Further reading

  • Keyword: HTTP security headers analyzer.

You might also like

W&

Website & Domain Health Audit — SSL, DNS, Email, Security Score

inexhaustible_glass/domain-health-audit

Complete website & domain audit in one run: SSL/TLS, DNS, SPF/DKIM/DMARC email security, security headers, tech stack, WHOIS, blacklist & uptime — with a health score and fix list. No API key.

User avatar

Hitman studio

3

HS

HTTP Security Headers Analyzer

andok/security-headers-analyzer

Audit HTTP response headers (CSP, HSTS, X-Frame-Options) to verify web application security and compliance standards.

User avatar

Andok

3

SSL Certificate Expiry Monitor avatar

SSL Certificate Expiry Monitor

andok/ssl-certificate-monitor

Monitor SSL/TLS certificate validity and expiration dates across thousands of domains to prevent costly outages.

User avatar

Andok

3

DMARC & Email Security Checker avatar

DMARC & Email Security Checker

taroyamada/dns-dmarc-security-checker

Validate domain infrastructure in bulk to boost email deliverability. Extract DMARC policies, SPF records, and MX configurations to keep outreach out of spam.

User avatar

naoki anzai

5

WP

Website Performance Analyzer — Speed Test & Core Web Vitals

scrapeworks/website-performance-analyzer

Test website speed for any list of URLs: TTFB, load time, page weight, compression, redirects, caching and security headers — with a transparent 0-100 score and findings. Optionally adds the Google Lighthouse score and Core Web Vitals (FCP, LCP, CLS, TBT) via PageSpeed Insights.

User avatar

Nicolas van Arkens

2

Company Deep Research — SEC, GitHub, DNS & Social avatar

Company Deep Research — SEC, GitHub, DNS & Social

ryanclinton/company-deep-research

Generate comprehensive company research reports from 7+ sources: SEC filings, stock data, Wikipedia, GitHub, Trustpilot reviews, DNS records, and social media verification. One domain in, full intelligence report out.

User avatar

Ryan Clinton

28

🛡️ Security Headers Checker avatar

🛡️ Security Headers Checker

taroyamada/security-headers-checker

Audit HTTP security headers in bulk across hundreds of websites. Extract OWASP compliance grades and detect missing HSTS or CSP directives instantly.

User avatar

naoki anzai

2

Techstack Detector avatar

Techstack Detector

cerridwen/techstack-detector

Detect 7500+ technologies on any website. Identifies CMS, frameworks, CDNs, analytics, payment processors & more. Includes DNS/TLS analysis, security scoring, cost estimation & stack comparison. Powered by Wappalyzer + custom multi-layer detection.

User avatar

Cerridwen

36

SEO ZOMBIE SLAYER avatar

SEO ZOMBIE SLAYER

actor_researcher.48/seo-zombie-slayer

SEO Zombie Slayer crawls websites to hunt dead links, SEO issues, performance problems, and security risks. Includes Lighthouse audits, competitor comparison, and a fun game mode with XP, levels, and boss battles to turn SEO audits into action

User avatar

ANIRBAN ROY

6

5.0

(1)

SC

SSL Cipher Suite & Security Scanner

andok/ssl-cipher-checker

Audit TLS versions and negotiated cipher suites for a list of domains to ensure compliance and robust web security.

User avatar

Andok

4

OSINT Website Intelligence Analyzer avatar

OSINT Website Intelligence Analyzer

onescales/website-intelligence-analyzer-osint

All-in-one website analysis tool. Run 30 OSINT checks on any URL — DNS, SSL, WHOIS, tech stack, security headers, email security, open ports, and more. Get a complete site profile in seconds.

User avatar

One Scales

96

5.0

(3)