Security Headers Audit API — HTTP Header Analysis

Description

Check a website's HTTP security headers: Content-Security-Policy, X-Frame-Options, Strict-Transport-Security (HSTS), X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more. Get a scored assessment with recommendations.

Use Cases

Security audit of web applications
Verify security headers after deployment
Compliance checking (OWASP recommendations)
Competitive security benchmarking

Parameters

Name	Type	Required	Description
`domain`	string	Yes	Domain or URL to audit
`format`	string	No	Response format: json or markdown

Example Request

bash

curl -H 'X-API-Key: YOUR_KEY' \
  'https://api.example.com/dns/security-headers?domain=example.com'

python

import httpx

resp = httpx.get(
    "https://api.example.com/dns/security-headers?domain=example.com",
    headers={"X-API-Key": "YOUR_KEY"},
)
print(resp.json())

javascript

const resp = await fetch("https://api.example.com/dns/security-headers?domain=example.com", {
  headers: { "X-API-Key": "YOUR_KEY" },
});
const data = await resp.json();
console.log(data);

Example Response

json

{
  "url": "https://example.com",
  "score": 65,
  "headers": {
    "Strict-Transport-Security": {"present": true, "value": "max-age=31536000"},
    "Content-Security-Policy": {"present": false, "recommendation": "Add CSP header"}
  }
}

Security Headers Audit

Description

Use Cases

Parameters

Related Tools in Web

Technology Stack Detector

Port Scanner

Redirect Tracer