API Provider

Fast API

Scan HTTP Headers API

Scans HTTP response headers and returns a suggestion for each issue found.

The rules

Checks the protocol (http vs. https) and returns a warning if it is not https.

Scanned headers

  • Server
    • Returns warning if server info is exposed.
  • Access-Control-Allow-Origin
    • Returns warning if its value is "*".
  • Content-Security-Policy
    • Returns missing header if this header is empty.
  • Referrer-Policy
    • Returns missing header if this header is empty.
  • Permissions-Policy
    • Returns missing header if this header is empty.
  • X-XSS-Protection
    • Returns missing header if this header is empty.
  • X-Content-Type-Options
    • Returns missing header if this header is empty.
  • X-Frame-Options
    • Returns missing header if this header is empty.

Possible Error (4xx & 5xx) Response Content

{
  "101": {
    "code": 101,
    "msg": "Generic error",
    "status": 500
  },
  "102": {
    "code": 102,
    "msg": "'url' parameter is required",
    "status": 400
  },
  "103": {
    "code": 103,
    "msg": "Given URL is invalid",
    "status": 400
  },
  "104": {
    "code": 104,
    "msg": "Only 'GET' method is supported",
    "status": 400
  },
  "105": {
    "code": 105,
    "msg": "Couldn't get the web-site",
    "status": 400
  }
}

Possible Success (200) Response Content

[
  {
    "code": 201,
    "header": "",
    "msg": "Protocol is http",
    "suggestion": "https://letsencrypt.org/"
  },
  {
    "code": 202,
    "header": "Server",
    "msg": "Server software information is exposed",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server"
  },
  {
    "code": 203,
    "header": "Access-Control-Allow-Origin",
    "msg": "Accessing this web-site is allowed for every domain",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS"
  },
  {
    "code": 301,
    "header": "Content-Security-Policy",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
  },
  {
    "code": 302,
    "header": "Referrer-Policy",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"
  },
  {
    "code": 303,
    "header": "Permissions-Policy",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy"
  },
  {
    "code": 304,
    "header": "X-XSS-Protection",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection"
  },
  {
    "code": 305,
    "header": "X-Content-Type-Options",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options"
  },
  {
    "code": 306,
    "header": "X-Frame-Options",
    "msg": "Header is missing",
    "suggestion": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"
  }
]
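
The rules and codes listed above, applied locally to headers you have already collected from your own site. This is an added example, not the API provider's code; the function name scan_headers, the sample headers, and the choice to treat any non-empty Server value as "exposed" are assumptions.

```python
from urllib.parse import urlsplit

# Codes, header names and messages are those in the response listing above.
REQUIRED = {
    301: "Content-Security-Policy",
    302: "Referrer-Policy",
    303: "Permissions-Policy",
    304: "X-XSS-Protection",
    305: "X-Content-Type-Options",
    306: "X-Frame-Options",
}


def scan_headers(url, headers):
    """Return the findings for one response, in ascending code order."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    seen = {name.strip().lower(): (value or "").strip()
            for name, value in headers.items()}
    findings = []

    def add(code, header, msg):
        findings.append({"code": code, "header": header, "msg": msg})

    if urlsplit(url).scheme.lower() != "https":
        add(201, "", "Protocol is http")
    # Assumption: any non-empty Server value counts as "exposed".
    if seen.get("server"):
        add(202, "Server", "Server software information is exposed")
    if seen.get("access-control-allow-origin") == "*":
        add(203, "Access-Control-Allow-Origin",
            "Accessing this web-site is allowed for every domain")
    # Absent and present-but-empty are both reported as missing.
    for code, header in REQUIRED.items():
        if not seen.get(header.lower()):
            add(code, header, "Header is missing")
    return findings

# Constructed sample headers, not captured from a real site.
SAMPLE = {
    "server": "nginx/1.25.3",
    "Access-Control-Allow-Origin": "*",
    "content-security-policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "",
}

if __name__ == "__main__":
    for f in scan_headers("http://example.test/", SAMPLE):
        print(f["code"], f["header"] or "-", f["msg"])
```

Running the same function over headers gathered in a CI step lets a build fail on any 2xx or 3xx finding before deployment.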

Simple Transparent Pricing

No long term commitments. One click upgrade/downgrade or cancellation. No questions asked.

Free Plan

No credit cards required
10 Requests / Daily, 300 Requests / Monthly

Gold Plan

Monthly subscription
1,000 Requests / Daily, 30,000 Requests / Monthly

Diamond Plan

Monthly subscription
10,000 Requests / Daily, 300,000 Requests / Monthly

Custom Plan

Monthly subscription
Fully customizable
Fast and reliable
Verbose
